Arne Welzel
f9cf87a003
schema: Add stats.capture and in_iface properties
...
New suricata-verify test listens on loopback interface, resulting
in the capture and in_iface fields in the stats and event objects.
2 years ago
Jason Ish
c2ecae9b82
schema: add flow.wrong_thread
2 years ago
Giuseppe Longo
c9d309219e
rust/sip: register parser for tcp
...
This patch lets the parser work over the tcp protocol, taking care of handling
data before calling the request/response parsers.
Ticket #3351.
2 years ago
Hadiqa Alamdar Bukhari
6c193b1a3d
dns: add missing dns keywords to schema.json
...
Found and added missing dns fields in schema.json after manual code review.
Added description to these newly added dns fields.
Feature #5642
2 years ago
Shivani Bhardwaj
487ba82fb9
eve/stats: add description for applayer flows
...
Ticket 6434
2 years ago
Shivani Bhardwaj
8817514bea
eve/stats: add description for expectations
...
Ticket 6434
2 years ago
Shivani Bhardwaj
1816e98ef0
eve/stats: add description for applayer errors
...
Ticket 6434
2 years ago
Shivani Bhardwaj
5a1a32ba5b
eve/stats: add description for common fields
...
Ticket 6434
2 years ago
Jason Ish
90ae3a223f
eve/schema: allow authorities in dns.answers in alert
...
Factor out dns.authorities to a definition.
2 years ago
Jason Ish
b453eea150
stats: add rules skipped
...
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.
Feature: #6637
3 years ago
Philippe Antoine
f714678d72
schema: adds missing modbus field
...
./stats/app_layer/error/modbus
3 years ago
Juliana Fajardini
467c3f2c64
schema: apply clang formatting changes
3 years ago
Juliana Fajardini
30ac77ce65
pgsql: add cancel request message
...
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.
Task #6577
3 years ago
Philippe Antoine
8c5310aefd
doc: quic in eve/schema
...
Ticket: #6076
3 years ago
Jeff Lucovsky
904f0ddeee
stats: Track stream reassembly drops
...
Issue: 6235
3 years ago
Yatin Kanetkar
b67ff4badf
dhcp: Log Vendor Client Identifier (dhcp option 60)
...
* Log vendor client identifier (dhcp option 60) if extended dhcp
logging is turned on. This required the `vendor_client_identifier` to
be added to the json schema. Validation done using an SV Test
* Added `requested_ip` to the json schema as well, since it was
missed. My SV test failed without it.
Feature #4587
3 years ago
Jason Ish
3802a51552
eve/schema: add host
...
The "host" field is added to EVE events if the "sensor-name" field is
configured in suricata.yaml.
3 years ago
Jeff Lucovsky
424f12d1b3
schema: Add memcap pressure values
...
Issue: 6094
This commit extends the EVE schema with memcap_pressure values; these
are included in the stat event type records.
3 years ago
Philippe Antoine
b12a35c3cf
output: add storing boolean for files
...
When the filestore keyword is triggered, the file is not yet stored when
the alert is generated, but only marked for storing.
Ticket: 4881
3 years ago
Philippe Antoine
f35052941d
jsonschema: add missing field .files[].file_id
3 years ago
Victor Julien
1f9767a9cb
stats: add drop reason counters
...
{
"accepted": 296185,
"blocked": 162,
"rejected": 0,
"replaced": 0,
"drop_reason": {
"decode_error": 0,
"defrag_error": 0,
"defrag_memcap": 0,
"flow_memcap": 0,
"flow_drop": 94,
"applayer_error": 0,
"applayer_memcap": 0,
"rules": 3,
"threshold_detection_filter": 0,
"stream_error": 63,
"stream_memcap": 0,
"stream_midstream": 2,
"nfq_error": 0,
"tunnel_packet_drop": 0
}
}
Ticket: #6230.
3 years ago
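The drop_reason block in the commit message above is a fragment of a stats event. The script below is an added example, not Suricata code: it reads a constructed eve.json stats line, checks that the per-reason counters account for the blocked total, and separates detection verdicts (rules, threshold_detection_filter) from drops forced by engine state. The stats.ips key path and that split of reasons are assumptions made for the example.

```python
import json

# Counters treated here as intentional detection verdicts (assumption);
# every other reason is a drop caused by engine state or an exception policy.
POLICY_REASONS = {"rules", "threshold_detection_filter"}

# Constructed eve.json stats record, trimmed to the ips block. The key path
# stats.ips.drop_reason is an assumption for this example.
SAMPLE_STATS_LINE = json.dumps({
    "timestamp": "2023-08-01T12:00:00.000000+0000",
    "event_type": "stats",
    "stats": {
        "ips": {
            "accepted": 296185, "blocked": 162, "rejected": 0, "replaced": 0,
            "drop_reason": {
                "decode_error": 0, "defrag_error": 0, "defrag_memcap": 0,
                "flow_memcap": 0, "flow_drop": 94, "applayer_error": 0,
                "applayer_memcap": 0, "rules": 3,
                "threshold_detection_filter": 0, "stream_error": 63,
                "stream_memcap": 0, "stream_midstream": 2, "nfq_error": 0,
                "tunnel_packet_drop": 0,
            },
        }
    },
})


def drop_reason_summary(line: str) -> dict:
    """Parse one stats line and reconcile drop_reason against blocked."""
    ev = json.loads(line)
    if ev.get("event_type") != "stats":
        raise ValueError("expected a stats event")
    ips = ev["stats"]["ips"]
    reasons = ips["drop_reason"]
    total = sum(reasons.values())
    policy = sum(v for k, v in reasons.items() if k in POLICY_REASONS)
    return {
        "blocked": ips["blocked"],
        "drop_total": total,
        "consistent": total == ips["blocked"],
        "policy_drops": policy,
        "engine_drops": total - policy,
        "nonzero": {k: v for k, v in reasons.items() if v},
    }


def engine_drop_warnings(summary: dict) -> list:
    """Warn when drops that no rule asked for outnumber rule-driven drops;
    in IPS mode those are the ones an operator usually needs to explain."""
    warnings = []
    if not summary["consistent"]:
        warnings.append("drop_reason counters do not sum to blocked")
    if summary["engine_drops"] > summary["policy_drops"]:
        warnings.append(
            f"{summary['engine_drops']} engine drops vs "
            f"{summary['policy_drops']} rule drops"
        )
    return warnings


if __name__ == "__main__":
    s = drop_reason_summary(SAMPLE_STATS_LINE)
    print(json.dumps(s, indent=2))
    for w in engine_drop_warnings(s):
        print("warning:", w)
```

Run it against a real eve.json by feeding each line whose event_type is stats to drop_reason_summary; the counters are cumulative, so diff consecutive summaries to see drops per interval.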
Victor Julien
735c37c668
eve/schema: add ips capture stats
3 years ago
Juliana Fajardini
0437173848
output/drop: add verdict field
...
Related to
Bug #5464
3 years ago
Juliana Fajardini
53b8defd79
output/alert: add verdict field
...
Related to
Bug #5464
3 years ago
Philippe Antoine
4f4651e360
output/file: http2 metadata is logged in http object
...
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2
Ticket: #6165
3 years ago
Juliana Fajardini
05417407b3
schema: add missing flow event property: emergency
3 years ago
Jeff Lucovsky
9dc68ac59a
json/schema: Add additional VLAN layer stat
...
Issue: 2816
This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
3 years ago
Eric Leblond
a73c9b0e40
output: target keys have port
...
Update JSON schema to support signature with target keyword
3 years ago
Victor Julien
a8057eeed8
eve/schema: spelling
3 years ago
Philippe Antoine
416a780f69
jsonschema: do not enforce keys for alert metadata
...
As this is a free field and can have any key based on a rule
3 years ago
Jason Ish
3a44197183
schema: add "message_id" to email
3 years ago
Jason Ish
bf079c9214
schema: fix optional
...
"optional" is not part of jsonschema. Instead an array named "required"
is used to list all field names that are required.
3 years ago
Jason Ish
49ba378d38
schema: fix engines section
...
The definition of items is an object, not an array.
3 years ago
Lancer Cheng
08b17e9778
eve: add version and warning in ntlmssp
...
Bug OISF#5783
3 years ago
Victor Julien
7e6154a26f
stream: add counter for acks for unseen data
...
This is another indicator for packet loss or strange captures.
3 years ago
Victor Julien
83a16a7a89
eve/stream: per packet stream engine logging
...
Debug facility to get a per packet view into the stream engine's state.
Logs after a packet has been processed in the stream engine, so the view
into the state includes the updates based on the current packet.
Marked as experimental so it can be changed w/o notice.
Bug: #5876.
3 years ago
Victor Julien
66ed3ae6e4
flow/mgr: remove flows_timeout_inuse counter
3 years ago
Jason Ish
59d9a51bad
eve: remove dcerpc.interface from schema
...
Looks like this was due to an error in the dcerpc logging where the
interfaces should have been logged to the "interfaces" array that was
already defined.
Issue: 5814
3 years ago
Jason Ish
ef48c5064f
schema: add regular expression for tls date format
3 years ago
Jeff Lucovsky
c1c67536b6
decode/stat: Add decode counters for unknown/arp
...
Issue: 5761
This commit adds statistics for ARP and unknown ethertype packets for
diagnostic purposes.
3 years ago
Shivani Bhardwaj
8e3acf1695
eve/schema: add udp.len_invalid
3 years ago
Jason Ish
c98c49d4ba
dns: parse and alert on invalid opcodes
...
Accept DNS messages with an invalid opcode that are otherwise
valid. Such DNS messages will create a parser event.
This is a change of behavior, previously an invalid opcode would cause
the DNS message to not be detected or parsed as DNS.
Issue: #5444
3 years ago
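To illustrate the behaviour change described in the commit message above, here is an added example (not Suricata's parser) that decodes a DNS header and question, records an invalid_opcode event when the opcode is not an IANA-assigned value, and still returns the parsed message instead of rejecting it. Which opcode values count as invalid is an assumption here; Suricata's own parser applies its own rule. The build_query helper and the packets it produces are constructed for the example.

```python
import struct

# IANA-assigned DNS opcodes. Assumption for this example: any other value is
# flagged as invalid, but the message is still parsed.
VALID_OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY",
                 5: "UPDATE", 6: "DSO"}


def parse_dns_header(data: bytes) -> dict:
    """Decode the 12-byte header; a bad opcode adds an event, not an error."""
    if len(data) < 12:
        raise ValueError("short DNS header")
    tx_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    opcode = (flags >> 11) & 0xF
    hdr = {"id": tx_id, "qr": flags >> 15, "opcode": opcode,
           "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
           "nscount": ns, "arcount": ar, "events": []}
    if opcode not in VALID_OPCODES:
        hdr["events"].append("invalid_opcode")
    return hdr


def parse_dns_query(data: bytes) -> dict:
    """Parse header plus the first question (uncompressed labels only)."""
    hdr = parse_dns_header(data)
    if hdr["qdcount"] < 1:
        return hdr
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated question name")
        ln = data[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(data[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    hdr.update(rrname=".".join(labels), rrtype=qtype, rrclass=qclass)
    return hdr


def build_query(tx_id: int, opcode: int, name: str) -> bytes:
    """Constructed test input: a one-question query with RD set."""
    flags = (opcode << 11) | 0x0100
    hdr = struct.pack("!HHHHHH", tx_id, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return hdr + qname + b"\x00" + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    for op in (0, 3):
        print(parse_dns_query(build_query(0x1234, op, "example.com")))
```

The point of the "otherwise valid" wording in the commit is visible in the second run: opcode 3 yields an event, yet rrname, rrtype and the rest of the record are still available to detection and logging.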
Victor Julien
96dfd65b96
eve: log max regions
3 years ago
Jeff Lucovsky
f8474344cd
log: Add module and subsystem identifiers to log
...
Issue: 2497
This changeset provides subsystem and module identifiers in the log when
the log format string contains "%S". By convention, the log format
surrounds "%S" with brackets.
The subsystem name is generally the same as the thread name. The module
name is derived from the source code module name and usually consists of
the first one or 2 segments of the name using the dash character as the
segment delimiter.
4 years ago
Victor Julien
62a451a9ab
eve/schema: bittorrent format fixup
4 years ago
Philippe Antoine
37af957d83
eve/schema: check that each array has at least one element
...
Ticket: #5167
4 years ago
Juliana Fajardini
84f9ea7254
eve/schema: pgsql - allow flexible parameters list
...
Pgsql's parameters - for message types like StartupMessage and
ParameterStatus, for instance, don't have a finite, definitive set, as
per their documentation. Our json schema was only expecting a fixed set
of parameters, though, resulting in SV tests failing if different, valid
parameters appeared.
Bug #5579
4 years ago
Jason Ish
e3e7d007b2
eve/schema: bittorrent-dht updates
...
Some values that were previously strings are now parsed down into
objects.
4 years ago
Jason Ish
0d3cfbbe3f
bittorrent-dht/eve: log as bittorrent_dht
4 years ago
Jason Ish
66fc92276a
eve-schema: add bittorrent-dht
4 years ago