Commit Graph

12 Commits (50370511615574ec09be0e1b6be465c0e3dc2b7f)

Author SHA1 Message Date
Mats Klepsland 6e23ae230b detect: add (mpm) keyword ja3_string
Match on JA3 string using ja3_string keyword, e.g.:

alert tls any any -> any any (msg:"JA3 string test";
        ja3_string; content:"65-68-69-102"; sid:1;)
7 years ago
Mats Klepsland 6c7aacce9e detect: add (mpm) keyword ja3_hash
Match on JA3 hash using ja3_hash keyword, e.g.:

alert tls any any -> any any (msg:"JA3 hash test";
        ja3_hash;
        content:"e7eca2baf4458d095b7f45da28c16c34";
        sid:1;)
7 years ago
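The two commits above add ja3_string and ja3_hash as sticky buffers, so it helps to see what those buffers hold. The script below is an added example, not Suricata's or the JA3 project's code: it builds the JA3 string from the ClientHello fields the way the JA3 specification defines it (version, ciphers, extensions, curves, point formats; lists dash-joined, fields comma-joined, GREASE values dropped), derives ja3_hash as the MD5 of that string, and emits the matching rules. The ClientHello values in SAMPLE are constructed, not from a capture. One caveat a practitioner should keep in mind: a client controls every field that goes into the string, so a JA3 match identifies a TLS stack configuration, not a user or a binary, and it can be imitated by anyone who reorders their cipher list.

```python
"""JA3 fingerprinting as matched by Suricata's ja3_string / ja3_hash keywords.

Added example, not Suricata or the JA3 project's code. The ClientHello field
values in SAMPLE are constructed, not taken from a capture.
"""
import hashlib

# GREASE values (0x0a0a, 0x1a1a, ..., 0xfafa) are dropped before the string is
# built, so randomised GREASE entries do not change the fingerprint.
GREASE = {int(f"{h}a{h}a", 16) for h in "0123456789abcdef"}


def _join(values):
    """Dash-join the decimal values of one list, skipping GREASE entries."""
    return "-".join(str(v) for v in values if v not in GREASE)


def ja3_string(version, ciphers, extensions, curves, point_formats):
    """Build the JA3 string: version,ciphers,extensions,curves,point_formats.

    Each list is dash-joined; the five fields are comma-joined; an empty list
    becomes an empty field (e.g. "771,4865,,,").
    """
    return ",".join([str(version), _join(ciphers), _join(extensions),
                     _join(curves), _join(point_formats)])


def ja3_hash(s):
    """ja3_hash is the lowercase hex MD5 of the JA3 string."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


def content_matches(buffer, content):
    """content:"..." on a sticky buffer is a substring match, so a rule can
    target part of the string (one run of ciphers) rather than the whole value."""
    return content in buffer


# Constructed ClientHello: TLS 1.2 (0x0303 = 771) with GREASE entries mixed in.
SAMPLE = dict(
    version=771,
    ciphers=[0x1a1a, 49195, 49199, 52393],
    extensions=[0, 23, 65281, 10, 11, 0x2a2a],
    curves=[0x3a3a, 29, 23, 24],
    point_formats=[0],
)


def sample_fingerprint():
    """Return (ja3_string, ja3_hash) for the constructed ClientHello."""
    s = ja3_string(**SAMPLE)
    return s, ja3_hash(s)


def rules_for(s, h, sid=1):
    """Emit a ja3_string rule and a ja3_hash rule for one fingerprint."""
    return [
        f'alert tls any any -> any any (msg:"JA3 string"; ja3_string; '
        f'content:"{s}"; sid:{sid};)',
        f'alert tls any any -> any any (msg:"JA3 hash"; ja3_hash; '
        f'content:"{h}"; sid:{sid + 1};)',
    ]


if __name__ == "__main__":
    s, h = sample_fingerprint()
    print(s)
    print(h)
    for r in rules_for(s, h):
        print(r)
```

Running the block prints the JA3 string for the constructed hello, its MD5, and the two rules. Note that the GREASE cipher, extension and curve are absent from the string, which is why the fingerprint of a browser stays stable across connections even though the GREASE values it sends are random.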
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
7 years ago
Victor Julien 4d1fa4aaf9 detect: bsize keyword
Allows matching on stickybuffers. Like dsize, it allows matching on
exact values, greater than and less than, and ranges.

For streaming buffers, such as HTTP bodies, the final size of the
body is only known at the end of the transaction.
8 years ago
Victor Julien 7f97fc40d5 detect/transform: initial to_sha256 implementation
Takes input buffer and replaces it with hash value for that buffer.
Hash value is in raw bytes.
8 years ago
Victor Julien 016d65fdf8 detect/transform: initial compress_whitespace implementation 8 years ago
Victor Julien 38ed6cd050 detect/transform: initial strip_whitespace implementation 8 years ago
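The three transform commits above (to_sha256, compress_whitespace, strip_whitespace) each take the current sticky buffer and replace it before content matching runs. The script below is an added example, not Suricata code, that models those three transforms so you can see what a content:"..." value has to look like after each one, including the point from the to_sha256 message that the digest is raw bytes and therefore has to be written in Suricata's |hex| content form. Assumptions: the whitespace set is C's isspace() in the default locale, transforms chain left to right in the order a rule lists them, and the sample buffer is constructed.

```python
"""Model of the strip_whitespace, compress_whitespace and to_sha256 transforms
applied in sequence to a sticky buffer, to show what content:"..." must carry
after each step. Added example, not Suricata code; the buffer is constructed.
"""
import hashlib
import re

# Whitespace as C's isspace() sees it in the default locale (assumption).
WHITESPACE = b" \t\n\r\x0b\x0c"
_WS_RUN = re.compile(rb"[ \t\n\r\x0b\x0c]+")


def strip_whitespace(buf):
    """Remove every whitespace byte from the buffer."""
    return bytes(b for b in buf if b not in WHITESPACE)


def compress_whitespace(buf):
    """Collapse each run of consecutive whitespace to a single space."""
    return _WS_RUN.sub(b" ", buf)


def to_sha256(buf):
    """Replace the buffer with its raw 32-byte SHA-256 digest."""
    return hashlib.sha256(buf).digest()


TRANSFORMS = {
    "strip_whitespace": strip_whitespace,
    "compress_whitespace": compress_whitespace,
    "to_sha256": to_sha256,
}


def apply(buf, names):
    """Apply the named transforms left to right, each on the previous output."""
    for name in names:
        buf = TRANSFORMS[name](buf)
    return buf


def as_content(raw):
    """Suricata content syntax for arbitrary bytes: |hh hh ...|.

    Needed after to_sha256, because the digest is raw bytes rather than the
    hex text a hash is usually written as."""
    return "|" + " ".join(f"{b:02x}" for b in raw) + "|"


def rule_for(buf, names, sid=1):
    """Build a file_data rule whose content matches buf after the transforms."""
    out = apply(buf, names)
    content = as_content(out) if "to_sha256" in names else out.decode("ascii")
    chain = " ".join(f"{n};" for n in names)
    return (f'alert http any any -> any any (msg:"transform demo"; file_data; '
            f'{chain} content:"{content}"; sid:{sid};)')


# Constructed body fragment with irregular whitespace (not from a capture).
SAMPLE = b"foo  bar \t baz\n"


if __name__ == "__main__":
    print(apply(SAMPLE, ["strip_whitespace"]))
    print(apply(SAMPLE, ["compress_whitespace"]))
    print(rule_for(SAMPLE, ["strip_whitespace", "to_sha256"]))
```

The last line printed shows the practical consequence of "hash value is in raw bytes": the rule's content is a 32-byte |hex| string, and it only matches if the same transforms are listed in the same order, since strip_whitespace followed by to_sha256 and to_sha256 alone hash different inputs.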
Victor Julien a499a44f7a detect: move buffer type map into detect ctx
Move previously global table into detect engine ctx. Now that we
can register buffers at rule loading time we need to take concurrency
into account.

Move DetectBufferType to detect.h and update DetectBufferCtx API calls
to include a detect engine ctx reference.
8 years ago
Eric Leblond 9ecd60c7a2 detect-ftpdata: register keyword
Keyword registration was missing so the keyword was not existing.
8 years ago
Victor Julien 746638b220 cuda: remove
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
8 years ago
Victor Julien ac0ae2dcd1 file_data: smtp file_data to generic file_data
Generalize the SMTP file_data inspection into a 'files'
file_data inspection that can be used for any protocol
that uses the File API.
8 years ago
Victor Julien c374324916 detect: move keyword registration into own file 8 years ago