aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,825 Commits
7 Branches
161 Tags
204 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5dacf4d92b'
${ noResults }
Commit Graph

356 Commits (5dacf4d92bf21f86df593acbe9c2517b545b711a)

Author SHA1 Message Date
Eloy Pérez González a4901a1f70 smb: add smb.keyword documentation 2 years ago
Lukas Sismis 6e4cc79b39 doc: remove references to prehistoric versions 
Remove references that are mentioning Suricata 3 or less
As a note - only one Suricata 4 reference found:
(suricata-yaml.rst:"In 4.1.x")
Fast pattern selection criteria can be internally found by inspecting
SupportFastPatternForSigMatchList and SigTableSetup functions.

Ticket: #6570
 2 years ago
Philippe Antoine adf5e6da7b detect: strip_pseudo_headers transform 
Ticket: 6546
 2 years ago
Philippe Antoine 4933b817aa doc: fix byte_test examples 
As this keyword has 4 mandatory arguments, and some examples
had only three...

Ticket: 6629
 2 years ago
Jason Ish 5d5b0509a5 requires: add requires keyword 
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
 2 years ago
Jason Ish c1a8dbcb72 doc/userguide: document dns.query.name, dns.answer.name 
With some other minor cleanups in the DNS keyword section.
 2 years ago
Shivani Bhardwaj b9540df5ad doc: clarify IP-only with iprep 2 years ago
jason taylor fc81c99b58 doc: add file.name information to smtp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 9d1ad0187e doc: add file.name information to nfs keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 327ba7397a doc: add file.name information to smb keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e4077b8803 doc: update ftp keyword doc example rule format 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor bb1f7575d3 doc: add file.name information to ftp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor bbc17b1c7d doc: add file.name information to http keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Philippe Antoine 32cce122e1 detect: header_lowercase transform 
Ticket: 6290
 2 years ago
jason taylor c50002978d doc: update file.data keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Sascha Steinbiss 0c55fe3515 detect: add mqtt.connect.protocolstring 
Ticket:  OISF#6396
 2 years ago
Victor Julien 6b2c33990f doc/userguide: add tag keyword page 
Ticket: #3015.
 2 years ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 2 years ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 2 years ago
jason taylor 535938d7f6 doc: add tls.cert_chain_len docs 
Ticket: #6386

Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Travis Green 96a0e7016f doc: add tcp flags documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor be324d7856 doc: update file.magic information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 008cc78a03 doc: update fileext keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e99b1787a2 doc: update file.name keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Andreas Herz da68692547 doc: dataset - add type to be mandatory 2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 88960e909d doc: add multiple buffer matching documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name 
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
 2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes 
Issue: 6105
 2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage 
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
 2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish 4a97461f9a doc/userguide: notes about Lua rules being disabled by default 2 years ago
Philippe Antoine 415b036dca http1: implement http.request_header 
So that it is generic for HTTP1 and HTTP2

Ticket: #5780
 2 years ago
Philippe Antoine 7256ec8a6e detect/http2: do not escape ':' in header name or value 
for keywords http.request_header and http.response_header

Ticket: #5780
 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Victor Julien 0903536fd6 doc: spelling 
Thanks to Josh Soref.
 2 years ago
Philippe Antoine 9bd2b72e2b doc: explain where tls.store stores certificates 
By adding a reference/link to the doc about the suricata.yaml
config section pecifying the directory where the certificates
are stored
 2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Andreas Herz 3045e75ee1 doc: add note on the hashsize recommendation for datasets 2 years ago
Philippe Antoine 59734d16a1 detect: use http.connection to client 
Ticket: #5746
 2 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol 
Ticket: #5962
 2 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion. 
Issue: 5945
 2 years ago
Jeff Lucovsky 35bbdf4124 doc/content: Add limits for distance/within 
Ticket: 5740
 2 years ago
Shivani Bhardwaj 0f3e7761da doc: add dataset examples 2 years ago
Haleema Khan 609df1776e userguide: update tls keywords information 
Ticket #5544
 2 years ago
jason taylor 0632233791 userguide: update http.cookie description 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Jeff Lucovsky 197ad51138 doc: Update bsize documentation 
This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
 3 years ago
jason taylor 9dc8fffe05 userguide: update tos keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 1d9b91a987 userguide: update fragoffset keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 7c73144988 userguide: update fragbits information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 4be9793e36 userguide: update geoip information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor e8eba6e4a1 userguide: update id keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor cfd0da133e userguide: update ipv6.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 150a04b597 userguide: update ipv4.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 298f59c2ba userguide: update ip_proto keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 6226492976 userguide: update sameip keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor f97ba44339 userguide: update ipopts keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 9b4e6e5802 userguide: update ttl keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Philippe Antoine ce710181f6 doc: update doc for HTTP file.data to server 
Ticket: #4144

Completes e587f6792a
 3 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 3 years ago
Eric Leblond 9fb0137d9d doc: add reference to ipaddr in IP matching 3 years ago
Eric Leblond 3bd48d9336 detect: doc link for ip.src and ip.dst 3 years ago
Eric Leblond da8b16eaeb doc: add ip.dst and ip.src doc 3 years ago
Eric Leblond 3599cbf1c4 doc: document new dataset types 
Feature: #5383
 3 years ago
Eric Leblond a1a22cccd2 doc: document dataset-lookup 
Ticket: #5184
 3 years ago
Eric Leblond 20973e9e6b doc: add dataset-clear command 
Ticket: #5184
 3 years ago
Eric Leblond c5559cb68f doc: document dataset-dump command 
Ticket: #5184
 3 years ago
Lukas Sismis 37cf365e19 docs: remove outdated constraint of negation support for ssl_state 
Commit 487cdda93d adds negation support for the SSL state.
 3 years ago
Shivani Bhardwaj 2a0cb1f3da doc: update base64_decode notes 3 years ago
Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc 
This patch updates the NT status code definition to use the status
definition used on Microsoft documentation website. A first python
script is building JSON object with code definition.

```
import json
from bs4 import BeautifulSoup
import requests

ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')

ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')

ntstatus_parsed = ntstatus_parsed.find('tbody')

ntstatus_dict = {}

for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if not desc.string is None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    if not code[0].string.lower() in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}

print(json.dumps(ntstatus_dict))
```

The second one is generating the code that is ready to be inserted into the
source file:

```
import json

ntstatus_file = open('ntstatus.json', 'r')

ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'

declaration = ""
resolution = ""

text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))

for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)

print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```

Bug #5412.
 3 years ago
Juliana Fajardini 7b0008d4f0 userguide: add section about exception policies 
This describes briefly what the exception policies are, what is the
engine's behavior, what options are available and to which parts are
they implemented.

Task #5475
Task #5515
 3 years ago
Jeff Lucovsky 33c424f9ed doc/byte_math: Add byte_math differences with snort 
Issue: 5077
 3 years ago
Jeff Lucovsky 192a31c74e doc: Fixup byte* entries to display tables properly 3 years ago
Philippe Antoine 390cf9248f detect: adds flow.age keyword 
Ticket: #5536
 3 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword 
Ticket: #5507
 3 years ago
Philippe Antoine 6faf6299e0 dhcp: adds rebinding-time keyword 
Ticket: #5506
 3 years ago
Shivani Bhardwaj a77977ec62 doc: add description for tls.random 3 years ago
jason taylor c29942c029 userguide: update dsize documentation/examples 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Philippe Antoine 461725a9bf dhcp: adds leasetime keyword 
As it is logged

Ticket: #5435
 3 years ago
Philippe Antoine 5c7b5c5fb5 krb: detection for ticket encryption 
As is done for logging.

Ticket: #5442
 3 years ago
Jufajardini Reichow 61f9f0df55 userguide/rules/meta: minor formatting adjustments 3 years ago
Jufajardini Reichow 45f14bb97c userguide/rules: explain sid uniqueness within gid 
While Suri will throw an error if two signatures have the same `sid`
and no `gid`, or same `sid` and same `gid`, it will just accept same
`sid` for different `gid`s.

Related to

Task #5441
 3 years ago
jason taylor 87990b138c doc: update priority wording userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor a7d739a05b doc: update to 80 char formatting userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 9bd55ff81b doc: metadata information update userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 563dc66837 doc: update priority information userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor f73a60eb89 doc: update reference section in userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor e611ef5ccb doc: update userguide meta classtype information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 39bc56ec97 doc: update rev and gid userguide meta wording 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor b9cb66c58f doc: add clarity around userguide meta information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 790ef9a53f doc: add sid reserved range reference 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 38a179d89d doc: add clarity to rule msg tips 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 299a931e49 doc: update example rule list 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 98c29da6ec doc: add clarity to role wording 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor c0bdb6cc10 doc: meta keyword doc example rule update 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor ca9e9009ba doc: add bsize keyword examples 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 34e0a384ad doc: update to include additional rule references 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 4405704372 doc: update intro direction content 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago