Commit Graph

1087 Commits (bdb8713ffd3e28a8b525e08942adaec51a2f932f)

Author SHA1 Message Date
Shivani Bhardwaj bdb8713ffd doc: move upgrade note to correct section
The PR for the behavior change of dealing with spaces in http URI and
protocol was started in 2019 and merged in 2024. When the PR was
created, it belonged to the correct upgrade section; however, by the
time it was merged, it was already the 8.0.x branch.
Move it to the upgrade notes from 7 to 8 for correctness.
3 months ago
jason taylor ca9b29c2d0 doc: update http.header_names normalization info 3 months ago
Lukas Sismis eb52e337da pcap-file: document capture method options 3 months ago
Lukas Sismis e780a20f82 doc: update available options in the example config 3 months ago
Jeff Lucovsky 1a13244b4b doc/tls: Update Lua TLS functions
Issue: 7608

Update the documentation to reflect the new and expanded functions
available from the Lua TLS library

There are now "server" and "client" versions of most functions. The TLS
object getter is now "get_tx"
3 months ago
Jeff Lucovsky 77139e0cb1 doc/ftp: Document ftp.completion_code sticky buffer
This commit adds documentation for the ftp.completion_code sticky
buffer. This is a multi-buffer match.

Issue: 7507
3 months ago
Jeff Lucovsky 53c8a0f8f1 doc: Document luaxform transform
Issue: 2290
3 months ago
Jeff Lucovsky aec2513799 doc/ftp: Document ftp.reply_received
Add documentation for the ftp.reply_received keyword.
3 months ago
Richard McConnell d81b76d852 output/tls: Allow logging of sv-handshake params
Ticket: 6695

"server_handshake" which logs the following:
1. TLS version used during handshake
2. The chosen cipher suite, excluding GREASE
3. TLS extensions, excluding GREASE
3 months ago
Richard McConnell 94c8be22d4 output/tls: Allow logging of cl-handshake params
Ticket: 6695

Add new custom log fields:

"client_handshake" which logs the following:
1. TLS version used during handshake
2. TLS extensions, excluding GREASE, SNI and ALPN
3. All cipher suites, excluding GREASE
4. All signature algorithms, excluding GREASE

The use-case is for logging TLS handshake parameters in order to survey
them, and so that JA4 hashes can be computed offline (in the case that
they're not already computed for the purposes of rule matching).
3 months ago
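The offline JA4 computation this commit is meant to enable, as an added example that is not Suricata's own code. It implements the FoxIO JA4 client fingerprint as recalled from the published spec (the GREASE filter, version map, sorting and edge-case rules are assumptions to check against that spec), and the ClientHello parameters are constructed, not captured. One caveat follows directly from the commit text: the logged extension list excludes SNI and ALPN, while JA4's extension count includes them, so the wrapper adds extension IDs 0x0000 and 0x0010 back when SNI or ALPN was observed. The argument names are assumed, not taken from the EVE schema.

```python
"""Compute a JA4 client fingerprint from logged TLS ClientHello parameters.

Added example, not Suricata code. JA4 layout as recalled from the FoxIO spec
(assumption): JA4_a "_" JA4_b "_" JA4_c, where
  JA4_a = protocol + version + sni flag + cipher count + extension count + ALPN
  JA4_b = sha256(sorted non-GREASE ciphers)[:12]
  JA4_c = sha256(sorted non-GREASE extensions minus SNI/ALPN + "_" + sigalgs)[:12]
"""
import hashlib

# Highest offered TLS version -> two-character JA4 code (assumption: spec table)
_VERSION_MAP = {
    0x0304: "13", 0x0303: "12", 0x0302: "11", 0x0301: "10",
    0x0300: "s3", 0x0002: "s2", 0x0100: "s1",
}
SNI_EXT, ALPN_EXT = 0x0000, 0x0010
_EMPTY_HASH = "000000000000"


def is_grease(value: int) -> bool:
    """RFC 8701 GREASE values have the form 0x?a?a with both bytes equal."""
    return (value >> 8) == (value & 0xFF) and (value & 0x0F) == 0x0A


def _hash12(text: str) -> str:
    return hashlib.sha256(text.encode("ascii")).hexdigest()[:12]


def ja4(version: int, ciphers, extensions, alpn: str, sigalgs, protocol: str = "t") -> str:
    """JA4 from a full ClientHello parameter set (extensions include SNI/ALPN)."""
    ciphers = sorted(c for c in ciphers if not is_grease(c))
    exts = [e for e in extensions if not is_grease(e)]
    # ALPN: first and last character of the first value, "00" when absent.
    # Non-alphanumeric ALPN handling is omitted here (assumption).
    alpn_code = (alpn[0] + alpn[-1]) if alpn else "00"
    ja4_a = "{}{}{}{:02d}{:02d}{}".format(
        protocol,
        _VERSION_MAP.get(version, "00"),
        "d" if SNI_EXT in exts else "i",
        min(len(ciphers), 99),
        min(len(exts), 99),      # count keeps SNI and ALPN
        alpn_code,
    )
    ja4_b = _hash12(",".join("%04x" % c for c in ciphers)) if ciphers else _EMPTY_HASH
    # Hash drops SNI and ALPN; signature algorithms keep their original order.
    hashed_exts = sorted(e for e in exts if e not in (SNI_EXT, ALPN_EXT))
    ext_str = ",".join("%04x" % e for e in hashed_exts)
    if sigalgs:
        ext_str += "_" + ",".join("%04x" % s for s in sigalgs)
    ja4_c = _hash12(ext_str) if hashed_exts else _EMPTY_HASH
    return "_".join((ja4_a, ja4_b, ja4_c))


def ja4_from_logged(version, sni_seen, alpn, ciphers, extensions_wo_sni_alpn, sigalgs):
    """Rebuild the full extension list from a log that omits SNI and ALPN."""
    exts = list(extensions_wo_sni_alpn)
    if sni_seen:
        exts.append(SNI_EXT)
    if alpn:
        exts.append(ALPN_EXT)
    return ja4(version, ciphers, exts, alpn, sigalgs)


# Constructed sample resembling a TLS 1.3 browser ClientHello (not captured).
SAMPLE_CIPHERS = [0x2A2A, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F, 0xC02C, 0xC030,
                  0xCCA9, 0xCCA8, 0xC013, 0xC014, 0x009C, 0x009D, 0x002F, 0x0035]
SAMPLE_EXTS_LOGGED = [0x3A3A, 0x0017, 0xFF01, 0x000A, 0x000B, 0x0023, 0x0005, 0x000D,
                      0x0012, 0x0033, 0x002D, 0x002B, 0x001B, 0x0015, 0x4469]
SAMPLE_SIGALGS = [0x0403, 0x0804, 0x0401, 0x0503, 0x0805, 0x0501, 0x0806, 0x0601]
SAMPLE_JA4 = ja4_from_logged(0x0304, True, "h2", SAMPLE_CIPHERS,
                             SAMPLE_EXTS_LOGGED, SAMPLE_SIGALGS)

if __name__ == "__main__":
    print(SAMPLE_JA4)
```

JA4 takes its version from the highest value the client offered in supported_versions, not from what was negotiated; if the logged "TLS version used during handshake" is the negotiated one, a client offering 1.3 but settling on 1.2 will not reproduce the fingerprint the client-side computation would give. Check which value the field carries before relying on offline hashes for matching.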
Jeff Lucovsky 0b02b1d2d1 doc/ftp: Document ftp.mode keyword
Document the ftp.mode keyword
Fixup a typo in the ftp.reply keyword section.

Issue: 7505
3 months ago
Philippe Antoine 030493c4a8 lua: better doc for ja3 lib
Completes commit 7e78ad944c

Ticket: 7605
3 months ago
Jason Ish c13f85f18d lua: convert file functions to lib suricata.file
This also breaks out the fileinfo function into a method per file info
item. And likewise for state, just return the state and add a new method
for checking if the file is stored.

Ticket: #7491
3 months ago
Juliana Fajardini 62949b3815 pgsql: remove unused "password_message" code
``Password message`` is actually logged just as ``Password``.
Remove related dead code.
3 months ago
Juliana Fajardini 6f81caf8d4 pgsql: clearly indicate redacted password message
If a password message was seen while logging passwords was disabled
for pgsql, this would lead to an empty request being logged.
Instead of simply not logging anything when there is a password message
and this is disabled, however, log instead that said password is
redacted.

Bug #7647
3 months ago
Jason Ish 97eaeef7d8 lua: convert SMTP functions to lib: suricata.smtp
Ticket: #7606
3 months ago
Philippe Antoine 7e78ad944c lua: convert ja3 function into suricata.ja3 lib
Ticket: 7605
3 months ago
Jason Ish 4c695b1075 doc/devguide: document the rate filter callback
Ticket: #7673
3 months ago
Jason Ish f968a7bfb0 doc: add rst header order recommendation
Ticket: #7396
3 months ago
Jason Ish 8102fbfd0c doc/userguide: fix typo in lua flowvar lib
Was importing suricata.flow, not suricata.flowvar.
3 months ago
Jason Ish 8a5bc12156 lua: convert lua flowint functions to lib: suricata.flowintlib
Ticket: #7487
3 months ago
Philippe Antoine 22abad746a lua: convert hassh function into suricata.hassh lib
Ticket: 7603

We use suricata.ssh lib but also enable hassh.
4 months ago
Jason Ish 35b03b4077 lua: convert flowvar functions to lib
New Lua lib, "suricata.flowvar" for working with flowvars from Lua.

Replaces functions:
- SCFlowvarGet (and ScFlowvarGet)
- SCFlowvarSet (and SCFlowvarSet)

Of note, the DetectLuaData has been made available to the init and
thread_init methods, instead of just the match. This is due to an
issue that if a flow variable is not registered in init, it will not
be logged, registering in thread_init is too late.

Ticket: #7486
4 months ago
Philippe Antoine daabab7381 doc/ssh: document hooks
Ticket: 7607
4 months ago
Philippe Antoine 76d7ab5418 lua: convert ssh function into suricata.ssh lib
Ticket: 7607
4 months ago
Jeff Lucovsky ff59f215d6 doc/ftp: Document ftp.dynamic_port keyword
Document the sticky buffer for ftp.dynamic_port
4 months ago
Jason Ish be483dc873 doc/userguide: document that lua dns rules need hooks
And remove the old "keywords" that a lua Rule can register with for
DNS.
4 months ago
Jason Ish b99f254105 lua: add suricata.rule library
Add a "suricata.rule" library for accessing rule information from a
Lua rule, or a Lua output script.

This lib replaces the following global Lua functions:
- SCRuleIds
- SCRuleAction
- SCRuleMsg
- SCRuleClass

Ticket: #7490
4 months ago
Jason Ish a5e662cb8a doc/lua/dns: fix typo 4 months ago
Philippe Antoine 8757ad5fd3 detect/dns: support string for dns.rrtype
Ticket: 6723
4 months ago
Philippe Antoine 44a6f7f8ca detect/dns: support string for dns.rcode
Ticket: 6723
4 months ago
Eric Leblond adfa46ab1c doc/userguide: add tx_cnt documentation 4 months ago
Alice Akaki bda0890834 detect: add email.received keyword
email.received matches on MIME EMAIL Received
This keyword maps to the EVE field email.received[]
It is a sticky buffer
Supports multiple buffer matching
Supports prefiltering

Ticket: #7599
4 months ago
James deb761367d doc: Update bypass docs to use new keyword format
Ticket: #7143

Update documentation to reflect new sticky buffer keyword format
4 months ago
Victor Julien e3c6554ee6 detect/app-layer-protocol: allow matching on 'unknown' 4 months ago
Alice Akaki ca429ef5e3 detect: add email.url keyword
email.url matches on URLs extracted from an email
This keyword maps to the EVE field email.url[]
Supports multiple buffer matching
Supports prefiltering

Ticket: #7597
4 months ago
Jason Ish b23c96198d doc/userguide: typo in pfring upgrade notes 4 months ago
Victor Julien 57c73880db lua: enable lua rules by default
Now that sandboxing is in place, lua rule support is enabled by default.
4 months ago
Alice Akaki d4ec5b9765 detect: add ldap.responses.attribute_type
ldap.responses.attribute_type matches on LDAP attribute type/description
This keyword maps to the eve field ldap.responses[].search_result_entry.attributes[].type
It is a sticky buffer
Supports multiple buffer matching
Supports prefiltering

Ticket: #7533
4 months ago
Alice Akaki 75fb352bde detect: add ldap.request.attribute_type
ldap.request.attribute_type matches on LDAP attribute type/description
This keyword maps to the following eve fields:
ldap.request.search_request.attributes[]
ldap.request.modify_request.changes[].modification.attribute_type
ldap.request.add_request.attributes[].name
ldap.request.compare_request.attribute_value_assertion.description
It is a sticky buffer
Supports multiple buffer matching
Supports prefiltering

Ticket: #7533
4 months ago
Jeff Lucovsky 88c38fc4a0 doc/ftp: Document the ftp.reply keyword
Issue: 7508
4 months ago
Juliana Fajardini 63adfc6b1e userguide/pop3: minor typo and formatting fixing 4 months ago
Alex Savage 778053876b pop3: app-layer parser using sawp-pop3
This module uses the sawp-pop3 crate to parse POP3 requests and responses
Features:
- eve logging
- events for parsable but non-RFC-compliant messages

Ticket: 3243
4 months ago
Eric Leblond ed20e7cfe4 doc/userguide: doc domain and tld transforms 4 months ago
Philippe Antoine 8cb6a4b82b plugin: document app-layer plugins
Ticket: 7149
Ticket: 7150
Ticket: 7153
4 months ago
Victor Julien 5c7173c6df doc/firewall: start of documentation 4 months ago
Victor Julien 6f5fd77cb9 detect/app-layer-state: keyword for protocol state
Allow matching on the app-layer protocol state.
4 months ago
Philippe Antoine 706a0bd99b output: option to add suricata version in eve logs
Ticket: 4853
4 months ago
Jason Ish 2fce106aec pcap-log: add bpf filter for packets that are logged
Add an optional bpf filter to pcap-log. If set, packets must match the
filter to be logged, otherwise they will be ignored.

This allows a user to limit what is logged to disk if they have pcap-log
enabled, but still inspect all data captured.

Ticket: #6832
4 months ago
Lukas Sismis fbed416e26 doc: stylistic and grammar fixes 4 months ago