Philippe Antoine
32cce122e1
detect: header_lowercase transform
Ticket: 6290
2 years ago
jason taylor
c50002978d
doc: update file.data keyword documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Sascha Steinbiss
0c55fe3515
detect: add mqtt.connect.protocolstring
Ticket: OISF#6396
2 years ago
Victor Julien
6b2c33990f
doc/userguide: add tag keyword page
Ticket: #3015.
2 years ago
Jeff Lucovsky
9ee55d2394
doc/transform: Document case-changing transforms.
Issue: 6439
2 years ago
Philippe Antoine
ab9b6e30b1
detect: adds flow integer keywords
Ticket: #6164
flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
2 years ago
jason taylor
535938d7f6
doc: add tls.cert_chain_len docs
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Travis Green
96a0e7016f
doc: add tcp flags documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
be324d7856
doc: update file.magic information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
008cc78a03
doc: update fileext keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
e99b1787a2
doc: update file.name keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Andreas Herz
da68692547
doc: dataset - add type to be mandatory
2 years ago
jason taylor
c95fce39f0
doc: add multi buffer support note to keyword docs
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
88960e909d
doc: add multiple buffer matching documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky
47e268d609
detect/byte_math: Document bytes variable name
Issue: 6145
Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky
3a4554fc2b
detect/byte-jump: Document var usage for nbytes
Issue: 6105
2 years ago
Jeff Lucovsky
73b943276e
doc/byte_test: Document byte_test variable usage
Issue: 6144
This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Shivani Bhardwaj
b6f8f5eb3b
doc/http: use "sticky buffer" where applicable
2 years ago
Jason Ish
14daa42e0b
doc/userguide: dataset upgrade notes
2 years ago
Jason Ish
4a97461f9a
doc/userguide: notes about Lua rules being disabled by default
2 years ago
Philippe Antoine
415b036dca
http1: implement http.request_header
So that it is generic for HTTP1 and HTTP2
Ticket: #5780
2 years ago
Philippe Antoine
7256ec8a6e
detect/http2: do not escape ':' in header name or value
for keywords http.request_header and http.response_header
Ticket: #5780
2 years ago
Philippe Antoine
656554f293
http2: rename http2.header to http.request_header
Or http.response_header based on the direction
http2.header had a different behavior than http.header and this was
confusing.
Ticket: #5780
2 years ago
Eloy Pérez González
b3c7130749
krb5: update krb5_msg_type keyword docs
2 years ago
Victor Julien
0903536fd6
doc: spelling
Thanks to Josh Soref.
2 years ago
Philippe Antoine
9bd2b72e2b
doc: explain where tls.store stores certificates
By adding a reference/link to the doc about the suricata.yaml
config section specifying the directory where the certificates
are stored
2 years ago
Victor Julien
c0d9b3c078
doc/userguide: spelling
2 years ago
Andreas Herz
3045e75ee1
doc: add note on the hashsize recommendation for datasets
2 years ago
Philippe Antoine
59734d16a1
detect: use http.connection to client
Ticket: #5746
2 years ago
Philippe Antoine
6bc7f02e13
doc: rules can have http1 as protocol
Ticket: #5962
2 years ago
Jeff Lucovsky
fd46c93a8f
doc/byte_math: Add divide by 0 discussion.
Issue: 5945
2 years ago
Jeff Lucovsky
35bbdf4124
doc/content: Add limits for distance/within
Ticket: 5740
2 years ago
Shivani Bhardwaj
0f3e7761da
doc: add dataset examples
2 years ago
Haleema Khan
609df1776e
userguide: update tls keywords information
Ticket #5544
2 years ago
jason taylor
0632233791
userguide: update http.cookie description
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Jeff Lucovsky
197ad51138
doc: Update bsize documentation
This commit updates the bsize documentation
1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
3 years ago
jason taylor
9dc8fffe05
userguide: update tos keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
1d9b91a987
userguide: update fragoffset keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
7c73144988
userguide: update fragbits information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
4be9793e36
userguide: update geoip information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
e8eba6e4a1
userguide: update id keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
cfd0da133e
userguide: update ipv6.hdr keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
150a04b597
userguide: update ipv4.hdr keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
298f59c2ba
userguide: update ip_proto keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
6226492976
userguide: update sameip keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
f97ba44339
userguide: update ipopts keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
9b4e6e5802
userguide: update ttl keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Philippe Antoine
ce710181f6
doc: update doc for HTTP file.data to server
Ticket: #4144
Completes e587f6792a
3 years ago
Aaron Bungay
d166c48d28
docs: update for bittorrent-dht app-layer
3 years ago
Eric Leblond
9fb0137d9d
doc: add reference to ipaddr in IP matching
3 years ago
Eric Leblond
3bd48d9336
detect: doc link for ip.src and ip.dst
3 years ago
Eric Leblond
da8b16eaeb
doc: add ip.dst and ip.src doc
3 years ago
Eric Leblond
3599cbf1c4
doc: document new dataset types
Feature: #5383
3 years ago
Eric Leblond
a1a22cccd2
doc: document dataset-lookup
Ticket: #5184
3 years ago
Eric Leblond
20973e9e6b
doc: add dataset-clear command
Ticket: #5184
3 years ago
Eric Leblond
c5559cb68f
doc: document dataset-dump command
Ticket: #5184
3 years ago
Lukas Sismis
37cf365e19
docs: remove outdated constraint of negation support for ssl_state
Commit 487cdda93d
adds negation support for the SSL state.
3 years ago
Shivani Bhardwaj
2a0cb1f3da
doc: update base64_decode notes
3 years ago
Eric Leblond
f46f895e8d
rust/smb: import NT status code for Microsoft doc
This patch updates the NT status code definition to use the status
definition used on the Microsoft documentation website. A first Python
script builds a JSON object with the code definitions.
```
import json
from bs4 import BeautifulSoup
import requests

# Fetch the MS-ERREF NTSTATUS table and parse its body.
ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')
ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')
ntstatus_parsed = ntstatus_parsed.find('tbody')
ntstatus_dict = {}
for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    # First cell holds the hex code and the symbolic name, second cell the description.
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if desc.string is not None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    # Keep the first definition seen for a given code.
    if not code[0].string.lower() in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}
print(json.dumps(ntstatus_dict))
```
The second one generates the code that is ready to be inserted into the
source file:
```
import json

with open('ntstatus.json', 'r') as ntstatus_file:
    ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'
declaration = ""
resolution = ""
# Length of the longest status name, used to align the generated columns.
text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))
for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)
print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```
Bug #5412.
3 years ago
Juliana Fajardini
7b0008d4f0
userguide: add section about exception policies
This describes briefly what the exception policies are, what the
engine's behavior is, what options are available and in which parts
they are implemented.
Task #5475
Task #5515
3 years ago
Jeff Lucovsky
33c424f9ed
doc/byte_math: Add byte_math differences with snort
Issue: 5077
3 years ago
Jeff Lucovsky
192a31c74e
doc: Fixup byte* entries to display tables properly
3 years ago
Philippe Antoine
390cf9248f
detect: adds flow.age keyword
Ticket: #5536
3 years ago
Philippe Antoine
5ef259722b
dhcp: adds renewal-time keyword
Ticket: #5507
3 years ago
Philippe Antoine
6faf6299e0
dhcp: adds rebinding-time keyword
Ticket: #5506
3 years ago
Shivani Bhardwaj
a77977ec62
doc: add description for tls.random
3 years ago
jason taylor
c29942c029
userguide: update dsize documentation/examples
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Philippe Antoine
461725a9bf
dhcp: adds leasetime keyword
As it is logged
Ticket: #5435
3 years ago
Philippe Antoine
5c7b5c5fb5
krb: detection for ticket encryption
As is done for logging.
Ticket: #5442
3 years ago
Jufajardini Reichow
61f9f0df55
userguide/rules/meta: minor formatting adjustments
3 years ago
Jufajardini Reichow
45f14bb97c
userguide/rules: explain sid uniqueness within gid
While Suri will throw an error if two signatures have the same `sid`
and no `gid`, or the same `sid` and the same `gid`, it will just accept
the same `sid` for different `gid`s.
Related to
Task #5441
3 years ago
jason taylor
87990b138c
doc: update priority wording userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
a7d739a05b
doc: update to 80 char formatting userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
9bd55ff81b
doc: metadata information update userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
563dc66837
doc: update priority information userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
f73a60eb89
doc: update reference section in userguide meta
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
e611ef5ccb
doc: update userguide meta classtype information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
39bc56ec97
doc: update rev and gid userguide meta wording
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
b9cb66c58f
doc: add clarity around userguide meta information
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
790ef9a53f
doc: add sid reserved range reference
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
38a179d89d
doc: add clarity to rule msg tips
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
299a931e49
doc: update example rule list
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
98c29da6ec
doc: add clarity to role wording
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
c0bdb6cc10
doc: meta keyword doc example rule update
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
ca9e9009ba
doc: add bsize keyword examples
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
34e0a384ad
doc: update to include additional rule references
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
4405704372
doc: update intro direction content
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
3eeacf8a3d
doc: fixed HOME_NET/EXTERNAL example formatting
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
f2c7998903
doc: add clarity around HOME_NET/EXTERNAL_NET
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
76cca8b08a
doc: minor example rule description update
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
4f61a35fe7
doc: minor wording restructure
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
845ba154a6
doc: add tcp-pkt/tcp-stream to intro
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
56f49bfe8e
doc: minor punctuation update
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
ab300ab0ae
doc: intro example rule update to simpler example
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
2f240230f0
doc: minor intro wording update
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Philippe Antoine
c7214be99b
snmp: adds usm keyword
as is logged
Ticket: #5416
3 years ago
Andreas Dolp
324f5ec10c
doc: Add missing ")" in example
3 years ago
Andreas Dolp
e4163c4e02
doc: Fix typos
3 years ago
Andreas Dolp
49bd6cfa5d
doc: Fix broken link
3 years ago
jason taylor
d799956348
doc: add note about file.data and file_data
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago