aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,305 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '11bf60aa3a'
${ noResults }
Commit Graph

893 Commits (11bf60aa3a8476323403ec06c8259c4e7e182855)

Author SHA1 Message Date
Philippe Antoine 4933b817aa doc: fix byte_test examples 
As this keyword has 4 mandatory arguments, and some examples
had only three...

Ticket: 6629
 1 year ago
Juliana Fajardini a37fa62710 devguide: explain example-rule container usage 
Have these options documented, so that whoever writes rule-related
documentation can easily know what they could use to make the doc look
better.
 1 year ago
Juliana Fajardini fc2acf8cb0 devguide: fix main channels list 
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
 1 year ago
Juliana Fajardini d15877b2c0 devguide: update branches, refer to backports guide 
Update the list of active branches to include 7 renaming and new master,
link to backports document.
 1 year ago
Juliana Fajardini 9fbdfd219c devguide: add chapter with backports guide 
Task #6568
 1 year ago
Juliana Fajardini de8bffd244 devguide: doc from behavior changes needs ticket # 
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.

Related to
Task #6568
 1 year ago
Juliana Fajardini 71e4ca81ef devguide: reorganize pr-workflow section 
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.

Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
 1 year ago
Juliana Fajardini 08eb67f74c devguide: make 'contributing' a chapter 
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.

Also add Dev Guide as one of our resources in our Readme.
 1 year ago
Jason Ish 5d5b0509a5 requires: add requires keyword 
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
 1 year ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses 
Add a more visible explanation of that requests, responses, frontend and
and backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
 1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message 
A CanceldRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
 1 year ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit 1 year ago
Jason Ish c1a8dbcb72 doc/userguide: document dns.query.name, dns.answer.name 
With some other minor cleanups in the DNS keyword section.
 1 year ago
Jason Ish b11bb1c412 detect: rename DetectAppLayerInspectEngineRegister2 
Rename DetectAppLayerInspectEngineRegister2 to
DetectAppLayerInspectEngineRegister as there is no other variant of
this function, and the versioning with lack of supporting
documentation can lead to confusion.
 1 year ago
Jason Ish 50be098839 detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister 
The old DetectAppLayerMpmRegister has not been around since 4.1.x.
Rename the v2 of this function to a versionless function as there is no
documentation referring to what the 2 means.
 1 year ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading 
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
 1 year ago
Shivani Bhardwaj b9540df5ad doc: clarify IP-only with iprep 1 year ago
jason taylor fc81c99b58 doc: add file.name information to smtp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 9d1ad0187e doc: add file.name information to nfs keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 327ba7397a doc: add file.name information to smb keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor e4077b8803 doc: update ftp keyword doc example rule format 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bb1f7575d3 doc: add file.name information to ftp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bbc17b1c7d doc: add file.name information to http keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score 
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
 1 year ago
Jason Ish cc0adaaf4a userguide: remove old css files 
In our conf.py we reference some ReadTheDocs stylesheets that appear to
be old and break formatting of some items like bulletted lists.

Bug: #6589
 1 year ago
Philippe Antoine 32cce122e1 detect: header_lowercase transform 
Ticket: 6290
 1 year ago
jason taylor c50002978d doc: update file.data keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Juliana Fajardini a649a92afd userguide: update tls not_after/not_before mentions 
Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.

Update the documentation, since updating the log format itself would be
a breaking change.

Task #5494
 1 year ago
Juliana Fajardini 58fb559594 userguide: document flow_id, with examples 
Flow_id explanation expanded from version shared by Peter Manev.

Task #6445
 1 year ago
Sascha Steinbiss 0c55fe3515 detect: add mqtt.connect.protocolstring 
Ticket:  OISF#6396
 1 year ago
Victor Julien 6b2c33990f doc/userguide: add tag keyword page 
Ticket: #3015.
 1 year ago
Victor Julien 4a02a14df1 doc/userguide: document host table yaml settings 1 year ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 1 year ago
Ralph Eastwood 9865164e75 napatech: update docs to remove hba reference 1 year ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 1 year ago
Kirjan Kohuladas c8a7204b15 doc/rule-profiling: fix suricatasc typo 1 year ago
Juliana Fajardini 54d8f45afc userguide: add proper label to RPM install section 
Use a reference label that is stable, instead of one that could change
in case a new section is added above it.
 1 year ago
Daniel Olatunji 0e5fdbb8fb doc: be consistent with the use of "sudo" 
Issue: #5720
 1 year ago
Comfort Amaechi cf8b630ed2 userguide: cover install-full and install-conf 
Ticket: #6342
 1 year ago
jason taylor 535938d7f6 doc: add tls.cert_chain_len docs 
Ticket: #6386

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Juliana Fajardini 1a132f454a docs: adjust readthedocs config to new options 
Our documentation was failing to build, seems connected to the new way
of indicating build options (cf
https://readthedocs.org/projects/suricata/builds/22112658/,
https://docs.readthedocs.io/en/stable/config-file/v2.html#build,
and https://docs.readthedocs.io/en/stable/config-file/v2.html#build-os).

Added the build.os required new field, and adjusted the way python
version is passed.

For the new configuration style for read the docs, one of the ways to
pass extra configuration for python is having a requirements file.
 1 year ago
Juliana Fajardini ffed5eb3d3 doc/quickstart: add software-properties instruction 
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
 1 year ago
Juliana Fajardini 4ab4f711de doc/install: link to devguide's install from git 
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.

Kept that reference, since it might still be useful for non-Ubuntu
cases.
 1 year ago
Shivani Bhardwaj 0a4011655f doc/code-submission: add commit sign guide 1 year ago
Travis Green 96a0e7016f doc: add tcp flags documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Jason Ish 2b57179d65 readthedocs: pin theme to sphinx_rtd_theme 
ReadTheDocs changed the default theme.
 2 years ago
Jason Ish ae3b1a9e36 configure: more idiomatic autoconf for sphinx-build checks 
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
  actually using the path of the program.

- Wrap some elements in [] as is done in modern idiomatic autoconf
 2 years ago
Victor Julien c0201d3212 doc/userguide: add reload-tenant(s) doc 2 years ago
Victor Julien 6ba0956a75 multi-tenant: allow reload w/o yaml path 
Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
 2 years ago
Victor Julien c87803ea0e detect: add multi-detect.config-path 
Add option to specify path from which to load the tenants.

Mostly meant to be used in testing.
 2 years ago