suricata

Commit Graph

Author	SHA1	Message	Date
Shivani Bhardwaj	0f3e7761da	doc: add dataset examples	2 years ago
Haleema Khan	609df1776e	userguide: update tls keywords information Ticket #5544	2 years ago
jason taylor	0632233791	userguide: update http.cookie description Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Jeff Lucovsky	197ad51138	doc: Update bsize documentation This commit updates the bsize documentation 1. Describe what happens when "content" immediately precedes "bsize" 2. Include the operators and 3. Include examples using the operators.	3 years ago
jason taylor	9dc8fffe05	userguide: update tos keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	1d9b91a987	userguide: update fragoffset keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	7c73144988	userguide: update fragbits information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4be9793e36	userguide: update geoip information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	e8eba6e4a1	userguide: update id keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	cfd0da133e	userguide: update ipv6.hdr keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	150a04b597	userguide: update ipv4.hdr keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	298f59c2ba	userguide: update ip_proto keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	6226492976	userguide: update sameip keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f97ba44339	userguide: update ipopts keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	9b4e6e5802	userguide: update ttl keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	ce710181f6	doc: update doc for HTTP file.data to server Ticket: #4144 Completes `e587f6792a`	3 years ago
Aaron Bungay	d166c48d28	docs: update for bittorrent-dht app-layer	3 years ago
Eric Leblond	9fb0137d9d	doc: add reference to ipaddr in IP matching	3 years ago
Eric Leblond	3bd48d9336	detect: doc link for ip.src and ip.dst	3 years ago
Eric Leblond	da8b16eaeb	doc: add ip.dst and ip.src doc	3 years ago
Eric Leblond	3599cbf1c4	doc: document new dataset types Feature: #5383	3 years ago
Eric Leblond	a1a22cccd2	doc: document dataset-lookup Ticket: #5184	3 years ago
Eric Leblond	20973e9e6b	doc: add dataset-clear command Ticket: #5184	3 years ago
Eric Leblond	c5559cb68f	doc: document dataset-dump command Ticket: #5184	3 years ago
Lukas Sismis	37cf365e19	docs: remove outdated constraint of negation support for ssl_state Commit `487cdda93d` adds negation support for the SSL state.	3 years ago
Shivani Bhardwaj	2a0cb1f3da	doc: update base64_decode notes	3 years ago
Eric Leblond	f46f895e8d	rust/smb: import NT status code for Microsoft doc This patch updates the NT status code definition to use the status definition used on Microsoft documentation website. A first python script is building JSON object with code definition. ``` import json from bs4 import BeautifulSoup import requests ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55') ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser') ntstatus_parsed = ntstatus_parsed.find('tbody') ntstatus_dict = {} for item in ntstatus_parsed.find_all('tr'): cell = item.find_all('td') if len(cell) == 0: continue code = cell[0].find_all('p') description_ps = cell[1].find_all('p') description_list = [] if len(description_ps): for desc in description_ps: if not desc.string is None: description_list.append(desc.string.replace('\n ', '')) else: description_list = ['Description not available'] if not code[0].string.lower() in ntstatus_dict: ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)} print(json.dumps(ntstatus_dict)) ``` The second one is generating the code that is ready to be inserted into the source file: ``` import json ntstatus_file = open('ntstatus.json', 'r') ntstatus = json.loads(ntstatus_file.read()) declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n' resolution_format = ' SMB_NT%s%s=> "%s",\n' declaration = "" resolution = "" text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len)) for code in ntstatus.keys(): text = ntstatus[code]['text'] text_spaces = ' ' * (4 + text_max - len(text)) declaration += declaration_format % (text, text_spaces, code) resolution += resolution_format % (text, text_spaces, text) print(declaration) print('\n') print(''' pub fn smb_ntstatus_string(c: u32) -> String { match c { ''') print(resolution) print(''' _ => { return (c).to_string(); }, }.to_string() } ''') ``` Bug #5412.	3 years ago
Juliana Fajardini	7b0008d4f0	userguide: add section about exception policies This describes briefly what the exception policies are, what is the engine's behavior, what options are available and to which parts are they implemented. Task #5475 Task #5515	3 years ago
Jeff Lucovsky	33c424f9ed	doc/byte_math: Add byte_math differences with snort Issue: 5077	3 years ago
Jeff Lucovsky	192a31c74e	doc: Fixup byte* entries to display tables properly	3 years ago
Philippe Antoine	390cf9248f	detect: adds flow.age keyword Ticket: #5536	3 years ago
Philippe Antoine	5ef259722b	dhcp: adds renewal-time keyword Ticket: #5507	3 years ago
Philippe Antoine	6faf6299e0	dhcp: adds rebinding-time keyword Ticket: #5506	3 years ago
Shivani Bhardwaj	a77977ec62	doc: add description for tls.random	3 years ago
jason taylor	c29942c029	userguide: update dsize documentation/examples Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	461725a9bf	dhcp: adds leasetime keyword As it is logged Ticket: #5435	3 years ago
Philippe Antoine	5c7b5c5fb5	krb: detection for ticket encryption As is done for logging. Ticket: #5442	3 years ago
Jufajardini Reichow	61f9f0df55	userguide/rules/meta: minor formatting adjustments	3 years ago
Jufajardini Reichow	45f14bb97c	userguide/rules: explain sid uniqueness within gid While Suri will throw an error if two signatures have the same `sid` and no `gid`, or same `sid` and same `gid`, it will just accept same `sid` for different `gid`s. Related to Task #5441	3 years ago
jason taylor	87990b138c	doc: update priority wording userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	a7d739a05b	doc: update to 80 char formatting userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	9bd55ff81b	doc: metadata information update userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	563dc66837	doc: update priority information userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f73a60eb89	doc: update reference section in userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	e611ef5ccb	doc: update userguide meta classtype information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	39bc56ec97	doc: update rev and gid userguide meta wording Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	b9cb66c58f	doc: add clarity around userguide meta information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	790ef9a53f	doc: add sid reserved range reference Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	38a179d89d	doc: add clarity to rule msg tips Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	299a931e49	doc: update example rule list Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	98c29da6ec	doc: add clarity to role wording Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	c0bdb6cc10	doc: meta keyword doc example rule update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	ca9e9009ba	doc: add bsize keyword examples Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	34e0a384ad	doc: update to include additional rule references Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4405704372	doc: update intro direction content Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	3eeacf8a3d	doc: fixed HOME_NET/EXTERNAL example formatting Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f2c7998903	doc: add clarity around HOME_NET/EXTERNAL_NET Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	76cca8b08a	doc: minor example rule description update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4f61a35fe7	doc: minor wording restructure Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	845ba154a6	doc: add tcp-pkt/tcp-stream to intro Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	56f49bfe8e	doc: minor punctuation update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	ab300ab0ae	doc: intro example rule update to simpler example Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	2f240230f0	doc: minor intro wording update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	c7214be99b	snmp: adds usm keyword as is logged Ticker: #5416	3 years ago
Andreas Dolp	324f5ec10c	doc: Add missing ")" in example	3 years ago
Andreas Dolp	e4163c4e02	doc: Fix typos	3 years ago
Andreas Dolp	49bd6cfa5d	doc: Fix broken link	3 years ago
jason taylor	d799956348	doc: add note about file.data and file_data Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	83f2056d20	doc: update file_data to file.data keyword Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	cd54d0dbc8	doc: remove extra newline in order to match style Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	38bd775ca0	doc: remove extraneous + characters Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Shivani Bhardwaj	015c9fe1e3	doc: add usage of flowbits OR op Ticket 5130	3 years ago
Victor Julien	cf4ddab6f4	doc/quic: update for new quic.version logic	4 years ago
Emmanuel Thompson	6641efb74f	doc/quic: Add documentation for QUIC keywords	4 years ago
Philippe Antoine	0cfdec1266	detect: xor transform Ticket: 3285 The xor transform applies xor decoding to a buffer, with a key specified as an option in hexadecimal. Arbitrary key sizes are accepted.	4 years ago
Juliana Fajardini	de0ce26e3f	userguide: update references to Suricata website Many places were still referencing the old Suricata page. Used git grep with replace to update them. Checked that new links work. Left old references when they were only documentation examples (for output or unittests). Task#4915	4 years ago
Juliana Fajardini	4256c1ccd5	userguide: rename pg Lua Scripting->Lua Detection Since we can have scripts for output _or_ detection, it seems more clear to rename this page to add more meaning	4 years ago
Juliana Fajardini	59e5a21fca	userguide: update buffers list for lua-scripting	4 years ago
Juliana Fajardini	e7f1736f3a	userguide/lua: add explanation about `need` diffs The differences on how the `need` key works, depending on script usage (output or detection) confuses users, sometimes (cf doc#4725). While we don't fix that, just explain this behavior.	4 years ago
Andreas Dolp	b25350ee13	doc: Fix typo in documentation of rule keyword flow	4 years ago
Philippe Antoine	fae7389ae2	pcre2: document the behavioral changes	4 years ago
Joshua Lumb	cf9b2b5fd1	detect-dsize: Add ! operator for dsize matching	4 years ago
myr463	755124763d	doc: escape dot in pcre	4 years ago
Shivani Bhardwaj	51be8f0238	doc/dcerpc: add proto keywords	4 years ago
showipintbri	a39025bf24	doc: Grammar Correction	4 years ago
frank honza	f83d51d0cb	ike: set event for multiple server proposals	4 years ago
Andreas Herz	a5f36eccf1	doc: add documentation for rawbytes keyword	4 years ago
frank honza	ab59ef0d79	ikev1: add documentation for ikev1	4 years ago
frank honza	ecdf9f6b0b	ikev1: rename ikev2 to common ike Renaming was done with shell commands, git mv for moving the files and content like find -iname '*.c' \| xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.	4 years ago
Jason Ish	547afcb983	doc/userguide/transforms: remove not about libnss being required	5 years ago
Jason Ish	c0ddad8e7e	doc/ja3: libnss support no longer required	5 years ago
Philippe Antoine	4e242645be	doc: explicit header normalization further And their concatenation as described in RFC 2616	5 years ago
Philippe Antoine	6b30890de9	doc: http.uri.raw has no spaces as they are in the protocol cf bug #2881	5 years ago
Victor Julien	7b4ac8dbab	doc/userguide: update http keywords	5 years ago
Jeff Lucovsky	a18a9d3046	doc: New sticky buffer icmpv4.hdr	5 years ago
Victor Julien	c95850c6ce	doc/rules: document config rule option	5 years ago
Shivani Bhardwaj	87617b200c	doc/datasets: add info about memcap and hashsize	5 years ago
Victor Julien	e1ecb7dc41	doc/datasets: explain reloads, general improvements	5 years ago
Jeff Lucovsky	06f41f608c	doc: Improve grammar, spelling and clarifications This commit improves the overall documentation's grammar, spelling, and adds clarifications where needed.	5 years ago
jason taylor	b21160a6e3	doc: http.host keyword note for matching on port Signed-off-by: jason taylor <jtfas90@gmail.com>	5 years ago

1 2 3 4 5 ...

311 Commits (c99d93c2574cfa0fe2b94c1ab3a2cacd5a15035c)