aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,826 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

64 Commits (master)

Author SHA1 Message Date
Jason Ish f1d305b373 doc: add upgrade note about suricatasc and suricatactl 2 days ago
Jeff Lucovsky dd344bd07c ftp: Move config file handling to Rust 
Issue: 4082

Move the configuration file handling to Rust.

These changes will no longer terminate Suricata when there's an invalid
value for ftp.memcap. Like earlier Suricata releases, an error message
is logged "Invalid value <value> for ftp.memcap" but Suricata will no
longer terminate execution. It will use a default value of "0" instead.
 4 days ago
Jason Ish 97e01a8cc8 doc/userguide: upgrade notes for Lua 
- Sandboxed Lua for rules
- Search path changes for Lua output scripts
 2 weeks ago
Jeff Lucovsky cfbf8fda94 doc/csum: Stream checksum validation change 
Describe the change of behavior between the stream.checksum-validation
setting and checksum-based rule keywords.
 1 month ago
Philippe Antoine a499529477 doc: improve documentation about guess-applayer-tx 
Ticket: 7199
 2 months ago
Philippe Antoine f2c3776314 detect: log app-layer metadata in alert with single tx 
Ticket: 7199

Uses a config parameter detect.guess-applayer-tx to enable
this behavior (off by default)

This feature is requested for use cases with signatures not
using app-layer keywords but still targetting application
layer transactions, such as pass/drop rule combination,
or lua usage.

This overrides the previous behavior of checking if the signature
has a content match, by checking if there is only one live
transaction, in addition to the config parameter being set.
 3 months ago
Jason Ish 820a3e51b7 requires: treat unknown requires keywords as unmet requirements 
For example, "requires: foo bar" is an unknown requirement, however
its not tracked, nor an error as it follows the syntax. Instead,
record these unknown keywords, and fail the requirements check if any
are present.

A future version of Suricata may have new requires keywords, for
example a check for keywords.

Ticket: #7418
 3 months ago
Jeff Lucovsky 1e0d3435db doc: add napatech plugin upgrade notes 
Issue: 7165
 5 months ago
Philippe Antoine 7ab833471e doc/rfb: mention accidental fix for security_result log 
Ticket: 7198
 5 months ago
Giuseppe Longo 036b68b0a9 doc: add new sip keywords 5 months ago
Jason Ish 15fe844ae7 syslog: deprecate 
The standalone syslog output is now deprecated for Suricata 8. Display
a warning on use and add notes to the userguide.

Ticket: #6544
 6 months ago
Jason Ish 5853fb922d tls-log: deprecate 
tls-log is now deprecated and will be removed in Suricata 9.0. Display
a deprecation notice on use, and add notes to the user guide.

Ticket: #6542
 6 months ago
Jason Ish ab26323a96 http-log: deprecate 
http-log is now deprecated and will be removed in Suricata
9.0. Display a deprecation notice on use, and add notes to the
userguide.

Issue: #6543
 6 months ago
Victor Julien fa9cae3899 doc/userguide: document logging changes from 6 to 7 
Minor other logging related improvements like clarifying language and
improving formatting for pdf output.
 7 months ago
Giuseppe Longo 70ed9f91d8 doc: add ldap protocol 8 months ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 8 months ago
Jason Ish 5f516c5896 doc: add pf-ring plugin upgrade notes 
Ticket: #7162
 8 months ago
Jason Ish d3c08b9643 doc: upgrade guide for dns logging changes 
Bug: #6281
 8 months ago
Shivani Bhardwaj c66f1f4488 doc: add note about datasets string memcaps 
Bug 3910
 8 months ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 8 months ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
 9 months ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri 
Ticket: #2881
 10 months ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 10 months ago
Giuseppe Longo 4f1e71bb4e doc: add sdp update 10 months ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose valued is 0 
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
 11 months ago
Giuseppe Longo 3dc24a967a doc: add upgrade section for 8 1 year ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading 
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
 1 year ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score 
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
 1 year ago
Juliana Fajardini f16d428fd1 userguide/upgrade: link to exception policy FAQ 
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
 2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements 
Issue: #5473
 2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes 
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
 2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation 
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
 2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers 
Ticket: #5320
 2 years ago
Jason Ish 5af73b3879 doc/userguide: document include files 
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
 2 years ago
Jason Ish a71dee5516 doc/userguide: merge logging changes in 7.0 upgrade notes 
Two "Logging changes" sections existed, merge.
 2 years ago
Victor Julien 0903536fd6 doc: spelling 
Thanks to Josh Soref.
 2 years ago
Philippe Antoine 8f9cd8ff1a doc: security.limit-noproc upgrade note 
Ticket: #5621
 2 years ago
Victor Julien f4fa51986e doc: warn IPS users on new exception policy default 2 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option 
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
 2 years ago
Todd Mortimer 15c77be937 swf-decompression: Disable by default. 
Add an entry to the upgrade guide noting the change.

Ticket: #5632
 2 years ago
Philippe Antoine a003640ecf security: prevents process creation 
with setrlimit NPROC.

So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.

Ticket: #5373
 2 years ago
Jason Ish 6ceeb08351 doc/userguide: updates for eve dns v1 removal 
Ticket: #4157
 3 years ago
Jason Ish 7d6bc60abb doc/userguide: document ftp max-line-length 3 years ago
Philippe Antoine cfcade58ad http: move xff logging to alert object 
Ticket: 4860

instead of root field
 3 years ago
Jason Ish cda11b8d97 doc/update: mention change of default rule path 3 years ago
Juliana Fajardini de0ce26e3f userguide: update references to Suricata website 
Many places were still referencing the old Suricata page.
Used git grep with replace to update them. Checked that new links work.
Left old references when they were only documentation examples (for
output or unittests).

Task#4915
 3 years ago
Philippe Antoine 27dd0c6b3d eve/ftp-data: log alert metadata in ftp-data object 
Ticket: 4860

instead of directly in root
 3 years ago