aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,443 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5903ca624e'
${ noResults }
Commit Graph

48 Commits (5903ca624e0f93a3ee762ae6f06f97cf2a63868d)

Author SHA1 Message Date
Philippe Antoine 416a780f69 jsonschema: do not enforce keys for alert metadata 
As this is a free field and can have any key based on a rule
 2 years ago
Jason Ish 3a44197183 schema: add "message_id" to email 2 years ago
Jason Ish bf079c9214 schema: fix optional 
"optional" is not part of jsonschema. Instead an array named "required"
is used to list all field names that are required.
 2 years ago
Jason Ish 49ba378d38 schema: fix engines section 
The definition of items is an object, not an array.
 2 years ago
Lancer Cheng 08b17e9778 eve: add version and warning in ntlmssp 
Bug OISF#5783
 2 years ago
Victor Julien 7e6154a26f stream: add counter for acks for unseen data 
This is another indicator for packet loss or strange captures.
 2 years ago
Victor Julien 83a16a7a89 eve/stream: per packet stream engine logging 
Debug facility to get a per packet view into the stream engine's state.

Logs after a packet has been processed in the stream engine, so the view
into the state includes the updates based on the current packet.

Marked as experimental so it can be changed w/o notice.

Bug: #5876.
 2 years ago
Victor Julien 66ed3ae6e4 flow/mgr: remove flows_timeout_inuse counter 2 years ago
Jason Ish 59d9a51bad eve: remove dcerpc.interface from schema 
Looks like this was due to an error in the dcerpc logging where the
interfaces should have been logged to the "interfaces" array that was
already defined.

Issue: 5814
 2 years ago
Jason Ish ef48c5064f schema: add regular expression for tls date format 2 years ago
Jeff Lucovsky c1c67536b6 decode/stat: Add decode counters for unknown/arp 
Issue: 5761

This commit adds statistics for ARP and unknown ethertype packets for
diagnostic purposes.
 2 years ago
Shivani Bhardwaj 8e3acf1695 eve/schema: add udp.len_invalid 2 years ago
Jason Ish c98c49d4ba dns: parse and alert on invalid opcodes 
Accept DNS messages with an invalid opcode that are otherwise
valid. Such DNS message will create a parser event.

This is a change of behavior, previously an invalid opcode would cause
the DNS message to not be detected or parsed as DNS.

Issue: #5444
 2 years ago
Victor Julien 96dfd65b96 eve: log max regions 2 years ago
Jeff Lucovsky f8474344cd log: Add module and subsystem identifiers to log 
Issue: 2497

This changeset provides subsystem and module identifiers in the log when
the log format string contains "%S". By convention, the log format
surrounds "%S" with brackets.

The subsystem name is generally the same as the thread name. The module
name is derived from the source code module name and usually consists of
the first one or 2 segments of the name using the dash character as the
segment delimiter.
 2 years ago
Victor Julien 62a451a9ab eve/schema: bittorrent format fixup 2 years ago
Philippe Antoine 37af957d83 eve/schema: check that each array has at least one element 
Ticket: #5167
 2 years ago
Juliana Fajardini 84f9ea7254 eve/schema: pgsql - allow flexible parameters list 
Pgsql's parameters - for message types like StartupMessage and
ParameterStatus, for instance, don't have a finite, definitive set, as
per their documentation. Our json schema was allow expecting a fixed set
of parameters, though, resulting in SV tests failing if different, valid
parameters appeared.

Bug #5579
 2 years ago
Jason Ish e3e7d007b2 eve/schema: bittorrent-dht updates 
Some values that were previously strings are now parsed down into
objects.
 2 years ago
Jason Ish 0d3cfbbe3f bittorrent-dht/eve: log as bittorrent_dht 2 years ago
Jason Ish 66fc92276a eve-schema: add bittorrent-dht 2 years ago
Eric Leblond 27cdfec28a eve/schema: update following flow changes 2 years ago
Victor Julien 38fdfd8718 eve/schema: flow/stream updates 2 years ago
Victor Julien 308fe31cb5 eve/schema: add tls client logging 2 years ago
Victor Julien 036686e21c etc/schema: clang (re)format 2 years ago
Philippe Antoine b0ce55c9df flow: finish to remove obsolete counters 
As was begun in b3599507f4

Ticket: #5317
 3 years ago
Eric Leblond 2cc9152fc9 rust/smb: log uuid of interface in dcerpc 
When doing a DCERPC request, we can use the context id to log the
interface that is used. Doing that we can see in one single event
what is the DCERPC interface and opnum that are used. This allows
to have all the information needed to resolve the request to a
function call.

Feature #5413.
 3 years ago
Philippe Antoine e94920b49f smb: do not use tree id to match create request and response 
As an SMB2 async response does not have a tree id, even if
the request has it.

Per spec, MessageId should be enough to identifiy a message request
and response uniquely across all messages that are sent on the same
SMB2 Protocol transport connection.
So, the tree id is redundant anyways.

Ticket: #5508
 3 years ago
Shivani Bhardwaj 14561ffe72 eve/schema: add smtp url bool fields 3 years ago
Philippe Antoine 64b2385c64 krb: log for ticket encryption 
Also logs if the ticket encryption is weak.
It is different from the encryption used for the rest of the
packet, and this allows to detect kerberoasting attack.

Ticket: #5442
 3 years ago
Philippe Antoine 896f0d91ce quic: complete schema.json 
adding ja3 and extension fields
 3 years ago
Victor Julien 929faae6d4 eve/schema: add drop.udplen, email fields 3 years ago
Victor Julien 3617be326c eve/schema: add pcap_filename field 3 years ago
Victor Julien fc566037b4 eve/schema: add new flow fields 3 years ago
Victor Julien 2ba9da4815 eve/schema: add missing magic from files array 3 years ago
Victor Julien 2a7349406c eve/schema: add missing capture_file field 3 years ago
Victor Julien 42adaf5627 eve/schema: add missing http fields 3 years ago
Victor Julien d58f9e54d0 eve/schema: add missing alert fields 3 years ago
Victor Julien 2abce12b5b eve/schema: add missing smb fields 3 years ago
Victor Julien b24e1f1e46 eve/schema: add missing drop fields for ipv6 3 years ago
Victor Julien 6ad5d6a148 eve/schema: add profiling detect fields 3 years ago
Victor Julien 0035673208 eve/drop: log drop reason 
Ticket: #5202.
 3 years ago
Philippe Antoine 284ad462fc output: adds schema.json 
Ticket: #1369
 3 years ago
Victor Julien f037f6f4ff classification: sync and update 
Sync to latest ET open and introduce inappropriate as a classification
to replace something some find inappropriate.
 4 years ago
Jason Ish 400b26ad68 logrotate: reindent to 4 spaces 
4 spaces seems to be the norm on Linux, so reindent from a mix
of 8 spaces and tabs to 4 spaces.
 4 years ago
Jason Ish 99d9e09599 config: install classification.config (and ref) to $datadir 
Install classification.config and reference.config to $datadir,
where they can be updated on every upgrade.

This required moving them into a sub-directory for autotools
to do its thing.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3209
 5 years ago
Jason Ish 7cc0067be0 Sample systemd unit file for Suricata. 
Create a sample systemd unit file based on the build time
configuration.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2138
 8 years ago
Jason Ish ddf6bce5d8 Sample logrotate configuration file. 
Create a sample logrotate configuration file with filenames
set for the configuration.
 8 years ago