suricata

Commit Graph

Author	SHA1	Message	Date
Sascha Steinbiss	1f8a5874fb	rfb: never return error on unknown traffic We only try to parse a small subset of what is possible in RFB. Currently we only understand some standard auth schemes and stop parsing when the server-client handshake is complete. Since in IPS mode returning an error from the parser causes drops that are likely uncalled for, we do not want to return errors when we simply do not understand what happens in the traffic. This addresses Redmine #5912. Bug: #5912.	2 years ago
Jason Ish	3f4dad8676	ftp: add events for command too long Issue: 5235	2 years ago
Philippe Antoine	f242fb7f22	quic: events and rules on them	3 years ago
Philippe Antoine	acbe6a33a2	ssh: install app-layer events rules	3 years ago
Andreas Herz	c93073c246	rules: add newer rule files to makefile for release tarball	4 years ago
Jason Ish	e3cfc9fc4b	rules: install dhcp-events.rules; order alphabetically Add dhcp-events.rules to Makefile.am so it gets installed. Also order the rule files alphabetically for easier review.	6 years ago
Victor Julien	17ced4fb7f	smb: add smb-events.rules to dist	7 years ago
Pierre Chifflier	6ae53a1869	Add event rules for Kerberos 5	7 years ago
Jason Ish	7bf490062c	rules: install to $datadir/suricata/rules Common /usr/share/suricata/rules or /usr/local/share/suricata/rules. The rules provided by the distribution are installed here as part of the Suricata install process so will always be installed, even without the use of install-rules.	7 years ago
Pierre Chifflier	d16397ce61	Add rules for IKEv2 events	7 years ago
Victor Julien	a306ccfd34	rust/nfs: implement events Remove lots of panic statements in favor of setting non-fatal events. Bug #2175.	8 years ago
Pierre Chifflier	79ed8c2dd3	Add event rules for NTP events	8 years ago
Jason Ish	bbaa79b80e	DNP3: Application layer decoder. Decodes TCP DNP3 and raises some DNP3 decoder alerts.	8 years ago
Eric Leblond	bd0041470f	rules: add app layer events rules Some application layer events are defined but the corresponding rules were not available in the rules directory.	10 years ago
DIALLO David	5a0409959f	App-layer: Add Modbus protocol parser Decode Modbus request and response messages, and extracts MODBUS Application Protocol header and the code function. In case of read/write function, extracts message contents (read/write address, quantity, count, data to write). Links request and response messages in a transaction according to Transaction Identifier (transaction management based on DNS source code). MODBUS Messaging on TCP/IP Implementation Guide V1.0b (http://www.modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf) MODBUS Application Protocol Specification V1.1b3 (http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf) Based on DNS source code. Signed-off-by: David DIALLO <diallo@et.esia.fr>	10 years ago
Victor Julien	3ec6bcf284	Make sure tls-events is part of the dist Added it to Makefile.am so it will be part of the dist created by make distcheck.	11 years ago
Victor Julien	6229bfab5e	DNS: rename dns.rules to dns-events.rules, include it in yaml	12 years ago
Victor Julien	93df717aa9	Add files.rules to the dist.	13 years ago
Victor Julien	ea34aeff3d	Add missing Makefile.am files for rules/ and doc/ dir.	13 years ago

19 Commits (829bab295b1bdf58c7df00a62b2d083294744b5c)