Commit Graph

270 Commits (5c419b79b7fd0c068b04e783f300ba4919c1b7f7)

Author SHA1 Message Date
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Victor Julien 0903536fd6 doc: spelling
Thanks to Josh Soref.
2 years ago
Philippe Antoine 9bd2b72e2b doc: explain where tls.store stores certificates
By adding a reference/link to the doc about the suricata.yaml
config section specifying the directory where the certificates
are stored
2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Andreas Herz 3045e75ee1 doc: add note on the hashsize recommendation for datasets 2 years ago
Philippe Antoine 59734d16a1 detect: use http.connection to client
Ticket: #5746
2 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol
Ticket: #5962
2 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion.
Issue: 5945
2 years ago
Jeff Lucovsky 35bbdf4124 doc/content: Add limits for distance/within
Ticket: 5740
2 years ago
Shivani Bhardwaj 0f3e7761da doc: add dataset examples 2 years ago
Haleema Khan 609df1776e userguide: update tls keywords information
Ticket #5544
2 years ago
jason taylor 0632233791 userguide: update http.cookie description
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky 197ad51138 doc: Update bsize documentation
This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
2 years ago
jason taylor 9dc8fffe05 userguide: update tos keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 1d9b91a987 userguide: update fragoffset keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 7c73144988 userguide: update fragbits information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 4be9793e36 userguide: update geoip information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor e8eba6e4a1 userguide: update id keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor cfd0da133e userguide: update ipv6.hdr keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 150a04b597 userguide: update ipv4.hdr keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 298f59c2ba userguide: update ip_proto keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 6226492976 userguide: update sameip keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor f97ba44339 userguide: update ipopts keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 9b4e6e5802 userguide: update ttl keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Philippe Antoine ce710181f6 doc: update doc for HTTP file.data to server
Ticket: #4144

Completes e587f6792a
2 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 2 years ago
Eric Leblond 9fb0137d9d doc: add reference to ipaddr in IP matching 2 years ago
Eric Leblond 3bd48d9336 detect: doc link for ip.src and ip.dst 2 years ago
Eric Leblond da8b16eaeb doc: add ip.dst and ip.src doc 2 years ago
Eric Leblond 3599cbf1c4 doc: document new dataset types
Feature: #5383
2 years ago
Eric Leblond a1a22cccd2 doc: document dataset-lookup
Ticket: #5184
2 years ago
Eric Leblond 20973e9e6b doc: add dataset-clear command
Ticket: #5184
2 years ago
Eric Leblond c5559cb68f doc: document dataset-dump command
Ticket: #5184
2 years ago
Lukas Sismis 37cf365e19 docs: remove outdated constraint of negation support for ssl_state
Commit 487cdda93d adds negation support for the SSL state.
2 years ago
Shivani Bhardwaj 2a0cb1f3da doc: update base64_decode notes 2 years ago
Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc
This patch updates the NT status code definition to use the status
definition used on the Microsoft documentation website. A first Python
script builds a JSON object with the code definitions.

```
import json
from bs4 import BeautifulSoup
import requests

# Fetch the NTSTATUS values page of the MS-ERREF specification
ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')

ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')

# The status codes are the rows of the first table body on the page
ntstatus_parsed = ntstatus_parsed.find('tbody')

ntstatus_dict = {}

for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    # First cell: numeric value and symbolic name; second cell: description
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if desc.string is not None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    # Keep only the first definition seen for a given value
    if code[0].string.lower() not in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}

print(json.dumps(ntstatus_dict))
```

The second one generates the code that is ready to be inserted into the
source file:

```
import json

# ntstatus.json holds the output of the first script
with open('ntstatus.json', 'r') as ntstatus_file:
    ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'

declaration = ""
resolution = ""

# Length of the longest status name, used to align the generated columns
text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))

for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)

# Emit the constant declarations, then the lookup function
print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```

Bug #5412.
2 years ago
Juliana Fajardini 7b0008d4f0 userguide: add section about exception policies
This briefly describes what the exception policies are, what the
engine's behavior is, what options are available and for which parts
they are implemented.

Task #5475
Task #5515
2 years ago
Jeff Lucovsky 33c424f9ed doc/byte_math: Add byte_math differences with snort
Issue: 5077
2 years ago
Jeff Lucovsky 192a31c74e doc: Fixup byte* entries to display tables properly 2 years ago
Philippe Antoine 390cf9248f detect: adds flow.age keyword
Ticket: #5536
2 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword
Ticket: #5507
3 years ago
Philippe Antoine 6faf6299e0 dhcp: adds rebinding-time keyword
Ticket: #5506
3 years ago
Shivani Bhardwaj a77977ec62 doc: add description for tls.random 3 years ago
jason taylor c29942c029 userguide: update dsize documentation/examples
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Philippe Antoine 461725a9bf dhcp: adds leasetime keyword
As it is logged

Ticket: #5435
3 years ago
Philippe Antoine 5c7b5c5fb5 krb: detection for ticket encryption
As is done for logging.

Ticket: #5442
3 years ago
Jufajardini Reichow 61f9f0df55 userguide/rules/meta: minor formatting adjustments 3 years ago
Jufajardini Reichow 45f14bb97c userguide/rules: explain sid uniqueness within gid
While Suri will throw an error if two signatures have the same `sid`
and no `gid`, or same `sid` and same `gid`, it will just accept same
`sid` for different `gid`s.

Related to

Task #5441
3 years ago
jason taylor 87990b138c doc: update priority wording userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor a7d739a05b doc: update to 80 char formatting userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago