aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,189 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '058ad87089'
${ noResults }
Commit Graph

897 Commits (058ad870891beb120722daf7b384a106ad3be038)

Author SHA1 Message Date
Giuseppe Longo 70ed9f91d8 doc: add ldap protocol 8 months ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 8 months ago
Philippe Antoine 0a1062fad2 detect/mqtt: move keywords to rust 
Ticket: 4863

On the way, convert some keywords to use the first-class integer
support.
And helpers for pure rust the support for multi-buffer.

Move the C unit tests about keyword mqtt.protocol_version
to unit tests for generic integer parsing, and test version 5
instead of testing twice version 3.

Also iterate all tx's messages for reason code as is done for other
keywords.

And allow detection on empty topics.
 8 months ago
Jason Ish 5f516c5896 doc: add pf-ring plugin upgrade notes 
Ticket: #7162
 8 months ago
Philippe Antoine e0fd59a20d doc: state that payload-length includes the gaps 8 months ago
Jason Ish 4d3d57249a doc: update dns section of the eve format documentation 8 months ago
Jason Ish d3c08b9643 doc: upgrade guide for dns logging changes 
Bug: #6281
 8 months ago
Sascha Steinbiss 53c62432c6 doc: update MQTT configuration 8 months ago
Shivani Bhardwaj c66f1f4488 doc: add note about datasets string memcaps 
Bug 3910
 8 months ago
Victor Julien afc318737a doc/userguide: document threshold backoff type 8 months ago
Victor Julien e362a01f8d doc/userguide: document new threshold config options 8 months ago
Victor Julien 405491c3fc detect/detection_filter: add support for track by_flow 8 months ago
Victor Julien 3f04af7c7f doc: add thresholding by_flow 8 months ago
Jeff Lucovsky 01e20c91fb doc/transform: Correct typo 8 months ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 8 months ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts 
Ticket: 7098
 8 months ago
Victor Julien 3d059611c3 detect: add tls.alpn keyword 
Ticket: #7108.
 8 months ago
Victor Julien c79a382e42 eve/tls: log ALPN for client and server 
Part of the extended logging.

Logs `client_alpns` and `server_alpns` arrays in the tls object.

Ticket: #7055.
 8 months ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
 9 months ago
Lukas Sismis bd9608771e doc: port user install and build instruction from master-6.0.x 
Ticket: #6686
 9 months ago
Lukas Sismis 521d1cb8e7 doc: update eBPF compilation instructions 
Ticket: #6599
 9 months ago
Victor Julien 8b42182fee doc/userguide: document iprep isset/isnotset 9 months ago
Victor Julien 2f74d435d3 doc/userguide: add more operators to iprep 9 months ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 9 months ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 9 months ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
 9 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 9 months ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo 
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
 9 months ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 9 months ago
Juliana Fajardini aeb200e001 devguide: highlight commit message example 
Although we have the example for a commit message in our Code Submission
Process sub-chapter, seems that people still oversee it a lot. It was
suggested that we put it in a note-box, to make it more visible.
 9 months ago
Jason Ish 3eb8c728fd doc: update lua sandbox docs for allowed packages/functions 9 months ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua 
Remove lua-dev(el) from all CI tests.
 9 months ago
Jo Johnson ba6a976e06 doc: Initial doc for lua sandbox 9 months ago
Jo Johnson 712496bb3f lua: Remove luajit support 
lua 5.4 support is not available in luajit

Ticket: #4776
 9 months ago
Jo Johnson 586c92d9d5 lua: require lua 5.4 
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4.

Ticket: #4776
 9 months ago
jason taylor 47d6c3a3ab doc: add source verification docs 
Ticket: #6908

Signed-off-by: jason taylor <jtfas90@gmail.com>
 9 months ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname 
Feature 5234
 9 months ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 10 months ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri 
Ticket: #2881
 10 months ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 10 months ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword 
Ticket: 4921

app-layer-protocol keyword accept an optional mode to precise
which protocol we want to match: toclient, toserver, final,
or original
 10 months ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit 
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
 10 months ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data 
Bug 5220
 10 months ago
jason taylor abb74245cc doc: update normalization notes 
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
Victor Julien fcca5c7514 detect/iprep: update doc about 0 value 
A value of 0 was already allowed by the rule parser, but didn't
actually work.

Bug: #6834.
 10 months ago
jason taylor aa919f8081 doc: update flowbits information 
Ticket: #6991

Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
Giuseppe Longo 4f1e71bb4e doc: add sdp update 10 months ago
Juliana Fajardini bb59124063 yaml: unify 0 stats counter config option terms 
When we added feature #5976 (72146b969), we overlook that we also have
a config stats option for the human-readable stats logs to output
0 counters.
Due to not seeing this before, we now have two different setting names
for basically the same thing, but in different logs:
- zero-valued-counters for EVE
- null-values for stats.log

This ensures we use the same terminology, and change the recently added
one to `null-values`, as this one has been around for longer.

Task #6962
 11 months ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 11 months ago