aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,826 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

139 Commits (master)

Author SHA1 Message Date
Jeff Lucovsky a3a3ad8968 doc/output: EVE output buffering related settings 3 days ago
Jason Ish 97e01a8cc8 doc/userguide: upgrade notes for Lua 
- Sandboxed Lua for rules
- Search path changes for Lua output scripts
 2 weeks ago
Philippe Antoine a499529477 doc: improve documentation about guess-applayer-tx 
Ticket: 7199
 2 months ago
Philippe Antoine f2c3776314 detect: log app-layer metadata in alert with single tx 
Ticket: 7199

Uses a config parameter detect.guess-applayer-tx to enable
this behavior (off by default)

This feature is requested for use cases with signatures not
using app-layer keywords but still targetting application
layer transactions, such as pass/drop rule combination,
or lua usage.

This overrides the previous behavior of checking if the signature
has a content match, by checking if there is only one live
transaction, in addition to the config parameter being set.
 3 months ago
Sascha Steinbiss 285cc29ec0 redis: add automatic trimming support for streams 4 months ago
Sascha Steinbiss d3d9f1c395 redis: implement XADD stream support 
Ticket: #7082
 4 months ago
Juliana Fajardini 55b922ceed tls/conf: clarify usage of custom vs extended logs 
Since enabling custom logging will replace the extended logging, thus
possibly leading to certain fields disappearing from the logs, mention
this aspect.

Related to
Bug #7333
 4 months ago
Jason Ish 6ae5ae701b doc/userguide: generate eve documentation 
Add EVE documentation for QUIC and Pgsql to their respective sections of
the userguide.

Also add a complete EVE reference as an appendix.

Other protocols can be done, but its a manual process to document in the
schema, then add the glue to pull them into the documentation.

The documentation is generated during "make dist", or if it doesn't
exist, "conf.py" will attempt to generate the eve documentation for
building on Readthedocs.
 5 months ago
Jeff Lucovsky 8064847fc6 doc: Document reference config setting 
Issue: 4974
 5 months ago
Sascha Steinbiss cb14e44780 userguide: fix spelling of `security_result` EVE field 
This ensures that the correct spelling of the `security_result` EVE
field for RFB (as opposed to `security-result`) is also reflected in the
documentation.

Ticket: #7210
 6 months ago
Jason Ish 5853fb922d tls-log: deprecate 
tls-log is now deprecated and will be removed in Suricata 9.0. Display
a deprecation notice on use, and add notes to the user guide.

Ticket: #6542
 6 months ago
Jason Ish ab26323a96 http-log: deprecate 
http-log is now deprecated and will be removed in Suricata
9.0. Display a deprecation notice on use, and add notes to the
userguide.

Issue: #6543
 6 months ago
Philippe Antoine e0fd59a20d doc: state that payload-length includes the gaps 8 months ago
Jason Ish 4d3d57249a doc: update dns section of the eve format documentation 8 months ago
Sascha Steinbiss 53c62432c6 doc: update MQTT configuration 8 months ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts 
Ticket: 7098
 8 months ago
Victor Julien c79a382e42 eve/tls: log ALPN for client and server 
Part of the extended logging.

Logs `client_alpns` and `server_alpns` arrays in the tls object.

Ticket: #7055.
 8 months ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 10 months ago
Juliana Fajardini bb59124063 yaml: unify 0 stats counter config option terms 
When we added feature #5976 (72146b969), we overlook that we also have
a config stats option for the human-readable stats logs to output
0 counters.
Due to not seeing this before, we now have two different setting names
for basically the same thing, but in different logs:
- zero-valued-counters for EVE
- null-values for stats.log

This ensures we use the same terminology, and change the recently added
one to `null-values`, as this one has been around for longer.

Task #6962
 11 months ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 11 months ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose valued is 0 
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
 11 months ago
Lukas Sismis 6e4cc79b39 doc: remove references to prehistoric versions 
Remove references that are mentioning Suricata 3 or less
As a note - only one Suricata 4 reference found:
(suricata-yaml.rst:"In 4.1.x")
Fast pattern selection criteria can be internally found by inspecting
SupportFastPatternForSigMatchList and SigTableSetup functions.

Ticket: #6570
 1 year ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses 
Add a more visible explanation of that requests, responses, frontend and
and backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
 1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message 
A CanceldRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
 1 year ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit 1 year ago
Juliana Fajardini a649a92afd userguide: update tls not_after/not_before mentions 
Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.

Update the documentation, since updating the log format itself would be
a breaking change.

Task #5494
 1 year ago
Juliana Fajardini 58fb559594 userguide: document flow_id, with examples 
Flow_id explanation expanded from version shared by Peter Manev.

Task #6445
 1 year ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section 
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
 2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field 
Related to
Bug #5464
 2 years ago
Philippe Antoine 9287cbc33a http: logs custom headers in a subobject 
This subobject is request_headers or response_headers

This especially avoids json keys collisions.

Ticket: #5320

Also fixes typo referrer/referer
 2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Lancer Cheng 6142593a69 doc: add version filed in NTLMSSP documentation 
Bug OISF#5783
 2 years ago
jason taylor 8e5b1fe8e6 userguide: add DHCP EVE log information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jason Ish 9d653512f9 doc/userguide: update bittorrent-dht eve examples 
Update the bittorrent-dht examples using real log records with peers
and nodes broken down into objects.
 2 years ago
Jason Ish 065f3ab9f1 doc: rename bittorrent-dht to bittorrent_dht in eve output 2 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 2 years ago
Lukas Sismis e101384e7b transversal: remove suricata-ids.org references 2 years ago
Andreas Dolp db73a12540 doc/tls: Add documentation for TLS logging 3 years ago
Andreas Dolp f42bb45ccd doc/tls: Remove redundant example 3 years ago
Eric Leblond 6f06f7c22c doc: add info about capture_file key 3 years ago
Jason Ish 6ceeb08351 doc/userguide: updates for eve dns v1 removal 
Ticket: #4157
 3 years ago
Juliana Fajardini 579d7dcc01 pgsql: add initial support 
- add nom parsers for decoding most messages from StartupPhase and
SimpleQuery subprotocols
- add unittests
- tests/fuzz: add pgsql to confyaml

Feature: #4241
 3 years ago
Emmanuel Thompson 9ad60e7661 doc/quic: Add quic to eve json format 3 years ago
Odin Jenseg 2a5d79e426 doc/eve-json-format/dns: Describing Z-bit 3 years ago
Juliana Fajardini 7c636d25c7 userguide: (nit) fix typo in lua-output page 3 years ago
Juliana Fajardini 6b8b58f98a doc/eve: common fields and alert updates 
- update examples for both
- change app_proto from alert field to common field, as
  per JsonBuilder's changes.
 4 years ago
Juliana Fajardini eacf933edf doc/eve: fix typos 4 years ago
Simon Dugas 0ed62e93ec doc/modbus: add eve logging documentation 4 years ago
frank honza f83d51d0cb ike: set event for multiple server proposals 4 years ago
frank honza ab59ef0d79 ikev1: add documentation for ikev1 4 years ago