aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,364 Commits
7 Branches
159 Tags
196 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '15c4eb3d16'
${ noResults }
Commit Graph

388 Commits (15c4eb3d16b114610edf31f86f68ca2a093f81cf)

Author SHA1 Message Date
Philippe Antoine e47598110a detect/datasets: implement unset command 
Ticket: 7195

Otherwise, Suricata aborted on such a rule
 10 months ago
Giuseppe Longo 036b68b0a9 doc: add new sip keywords 10 months ago
jason taylor f46a8776ec doc: add note about big endian for icmp_seq match 10 months ago
Philippe Antoine 0ebb84538e http2: add frames support 
Ticket: 5743

Why ? To add detection capabilities
 10 months ago
Juliana Fajardini 246acc7140 userguide: clarify flow:stateless explanation 
While not incorrect, the previous wording made the sentence almost
paradoxical. While at it, also highlight a side effect that might not be
so clear to users.

Related to
Bug #6976
 11 months ago
Philippe Antoine 62a186ceef detect/rfb: move keywords to rust 
Ticket: 7178

On the way, convert rfb.secresult to a generic integer with enumeration
cf ticket 6723
 11 months ago
Philippe Antoine 0b2ed97f36 ssh: frames support 
Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
 11 months ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 12 months ago
Philippe Antoine 0a1062fad2 detect/mqtt: move keywords to rust 
Ticket: 4863

On the way, convert some keywords to use the first-class integer
support.
And helpers for pure rust the support for multi-buffer.

Move the C unit tests about keyword mqtt.protocol_version
to unit tests for generic integer parsing, and test version 5
instead of testing twice version 3.

Also iterate all tx's messages for reason code as is done for other
keywords.

And allow detection on empty topics.
 12 months ago
Victor Julien afc318737a doc/userguide: document threshold backoff type 1 year ago
Victor Julien e362a01f8d doc/userguide: document new threshold config options 1 year ago
Victor Julien 405491c3fc detect/detection_filter: add support for track by_flow 1 year ago
Victor Julien 3f04af7c7f doc: add thresholding by_flow 1 year ago
Jeff Lucovsky 01e20c91fb doc/transform: Correct typo 1 year ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 1 year ago
Victor Julien 3d059611c3 detect: add tls.alpn keyword 
Ticket: #7108.
 1 year ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
 1 year ago
Victor Julien 8b42182fee doc/userguide: document iprep isset/isnotset 1 year ago
Victor Julien 2f74d435d3 doc/userguide: add more operators to iprep 1 year ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 1 year ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 1 year ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 1 year ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo 
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
 1 year ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 1 year ago
Jason Ish 3eb8c728fd doc: update lua sandbox docs for allowed packages/functions 1 year ago
Jo Johnson ba6a976e06 doc: Initial doc for lua sandbox 1 year ago
Jo Johnson 712496bb3f lua: Remove luajit support 
lua 5.4 support is not available in luajit

Ticket: #4776
 1 year ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname 
Feature 5234
 1 year ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 1 year ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword 
Ticket: 4921

app-layer-protocol keyword accept an optional mode to precise
which protocol we want to match: toclient, toserver, final,
or original
 1 year ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data 
Bug 5220
 1 year ago
jason taylor abb74245cc doc: update normalization notes 
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Victor Julien fcca5c7514 detect/iprep: update doc about 0 value 
A value of 0 was already allowed by the rule parser, but didn't
actually work.

Bug: #6834.
 1 year ago
jason taylor aa919f8081 doc: update flowbits information 
Ticket: #6991

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 1 year ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 1 year ago
Jeff Lucovsky 7a5a1e2560 doc: Describe noalert keyword 
Issue: 6685
 1 year ago
jason taylor 7de16809ef doc: update http keyword listing order 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 8b3db3c3b5 doc: update file.name keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 49dba7bb94 doc: update file.data keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bee3aa9709 doc: update http.response_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor dcb548106e doc: update http.request_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 3f5d228b9e doc: update http.host http.host.raw keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 739dfe5e5e doc: update http.location keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 9ddd8cf9e0 doc: update http.server keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 3af98f3b92 doc: update http.response_body keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 64760e2e75 doc: update http.response_line keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 566bc0d39c doc: update http.stat_msg keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 271321249f doc: update http.stat_code keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago