aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,720 Commits
8 Branches
154 Tags
166 MiB
dependabot/github_actions/github/codeql-action-3.26.13
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2320d62872'
${ noResults }
Commit Graph

405 Commits (2320d62872d81a6ab423b8adc92d2a9a35243b61)

Author SHA1 Message Date
Phil Young dc5349a30c napatech: Add Deprecation Warning Message for HBA 
Added a message that HBA will be deprecated in the future and removed
hba from default conf file.
 4 years ago
Jeff Lucovsky 8f009cf9b5 output/json: Update threaded filename example 4 years ago
Shivani Bhardwaj 1286b0a8f1 datasets: parse defaults section from yaml 
Datasets can now have a global defaults setting in suricata.yaml. In
case the settings for memcap and hashsize are not find in the yaml or
rule, this shall be the fallback.

Example:

datasets:
  defaults:
    memcap: 100mb
    hashsize: 2048
  ua-seen:
    type: string
    load: datasets.csv
 4 years ago
Philippe Antoine 9b5c923327 http: disables lzma by default for HTTP 4 years ago
Victor Julien 57a611b429 decode/geneve: add config to yaml 4 years ago
Ali Jad Khalil 5d955c1836 decode/geneve: Add Geneve decoding functionality 
These changes are in response to feature request 3063. Geneve is
very similar to VXLAN, but uses a slightly different encapsulation
scheme.
 4 years ago
Jason Ish 5d5eef624b suricata.yaml: mark http2 as experimental 
Make it clear that HTTP2 is experimental and disabled by default.
 4 years ago
Philippe Antoine 1422b18a99 http2: initial support 4 years ago
Sascha Steinbiss 4e1a41a17d output-json: add MAC address output 
This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket #962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation is
taken from previous GitHub PR #2700.
 4 years ago
Victor Julien 5db1d9b841 eve/yaml: move mqtt down 4 years ago
Sascha Steinbiss c31360070b rust/mqtt: add MQTT parser 4 years ago
Jeff Lucovsky 30ae98f658 output/json: Multi-threaded EVE logging support 
This commit modifies the JSON loggers with changes necessary to support
multi-threaded EVE output.

Each "thread-init" function sets up the per-thread log file context for
subsequent calls to the JSON output to buffer function.
 4 years ago
Shivani Bhardwaj 9f9670ebdc logging: Add DCERPC logger 4 years ago
Jeff Lucovsky a58fdcd41d suricata.yaml.in: update stream-depth description 4 years ago
Vadym Malakhatko a80f705d4b userguide: add documentation for Hassh usage 
1. Rules keywords
2. Json keywords
3. Usage in lua
4. Enabling in configuration file
 4 years ago
Jason Ish e26718aea3 drop-log: remove drop log (deprecated) 
Remove the old style line based drop log.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
 4 years ago
Jason Ish 6ce9b2972b rdp: enable by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255
 4 years ago
Jason Ish 5a7ba62493 sip: enable by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3256
 4 years ago
Jason Ish 6850dbc852 suricata.yaml: remove filestore v1 configuration 4 years ago
Victor Julien 1aaf9a80c5 decode/vxlan: minor yaml example clarrification 5 years ago
Victor Julien e97cdb48f3 decode/teredo: implement port support 
Implement support for limiting Teredo detection and decoding to specific
UDP ports, with 3544 as the default.

If no ports are specified, the old behaviour of detecting/decoding on any
port is still in place. This can also be forced by specifying 'any' as the
port setting.
 5 years ago
Frank Honza 1c8943dedd add RFB parser 
This commit adds support for the Remote Framebuffer Protocol (RFB) as
used, for example, by various VNC implementations. It targets the
official versions 3.3, 3.7 and 3.8 of the protocol and provides logging
for the RFB handshake communication for now. Logged events include
endpoint versions, details of the security (i.e. authentication)
exchange as well as metadata about the image transfer parameters.
Detection is enabled using keywords for:

 - rfb.name: Session name as sticky buffer
 - rfb.sectype: Security type, e.g. VNC-style challenge-response
 - rfb.secresult: Result of the security exchange, e.g. OK, FAIL, ...

The latter could be used, for example, to detect brute-force attempts
on open VNC servers, while the name could be used to map unwanted VNC
sessions to the desktop owners or machines.

We also ship example EVE-JSON output and keyword docs as part of the
Sphinx source for Suricata's RTD documentation.
 5 years ago
Jeff Lucovsky 0c5c2173bc config: General typo and grammar cleanup 5 years ago
Jason Ish 76582e34c1 suricata.yaml/dns: removed unused settings 
Remove DNS settings global-memcap, state-memcap and request-flood.
These have never been used in the Rust implementation of the DNS
decoder.
 5 years ago
Jason Ish d86973b386 unified2: remove deprecated output unified2 
Ticket 2385:
https://redmine.openinfosecfoundation.org/issues/2385
 5 years ago
Phil Young 1c99536945 napatech: add hardware based bypass support 
Napatech hardware bypass support enables Suricata to utilize
capabilities of Napatech SmartNICs to selectively bypass flow-based
traffic.
 5 years ago
Philippe Antoine 4a2918e6b5 yaml: clarify comment about dump-all-headers 
Logs a warning if the value is unknown
Fixes #2810
 5 years ago
Jason Ish 16221c0b33 suricata.yaml/dns: small cleanups, not that default is v2 
Note that the eve dns log format is version 2 by default.

Make the value of commented out values their default.

Update the comment on the types to better reflect what it does.
 5 years ago
Philippe Antoine 6921608673 http: updates suricata.yaml comments 
As well as the userguide documentation about suricata.yaml
 5 years ago
Konstantin Klinger 808ea0dba9 app-layer: remove obsolete msn protocol detection 5 years ago
Victor Julien ebecaca7ea eve/anomaly: enable by default 
Default config will only enable 'app-layer' type within the anomaly
logger.
 5 years ago
Victor Julien 514c7c1a04 yaml: minor improvements 5 years ago
Victor Julien cec8067001 yaml: clean up 'autofp-scheduler' option 5 years ago
Jeff Lucovsky 883cad1a86 logging/anomaly: Clarify anomaly logging 
Clarify the description of the anomaly logging types.
 5 years ago
Jeff Lucovsky af615baaf7 logging/alert: Expand alert logging description 
Clarify the configuration requirements for alerts and http-body logging.
 5 years ago
Victor Julien 788c9f8f11 tls/ja3: don't disable; allowing runtime enabling 5 years ago
jason taylor e4156b2f89 config: update lzma size notes to match others 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
Jason Ish 6c2e9ac27c suricata.yaml: mark drop.log as deprecated 5 years ago
Jason Ish 4e12984ac8 suricata.yaml: mark unified2 as deprecated 5 years ago
Jason Ish d891a8cb79 config: remove all but a stub of file-store v1. 
Remove most of the file-store v1 configuration section and mark
it as deprecated. Provide a link where to find the available
options.
 5 years ago
Victor Julien be6cdd37f8 stream: remove fix stream.depth references 5 years ago
Philippe Antoine af4f816204 http: sets compression bomb limit 5 years ago
Philippe Antoine c09ad01836 http: disable lzma decompression from configuration 5 years ago
Victor Julien 8765839084 sip: disable output by default 5 years ago
Jason Ish a45a2fa1fc sip: disable by default in 5.0 5 years ago
Giuseppe Longo edc2a583a9 rust/sip: add SIP logger 5 years ago
Giuseppe Longo 2e975a0481 rust/sip: add parser for SIP protocol 5 years ago
Jason Ish 4111272c88 config/anomaly: use enabled key word; cleanups 
The anomaly section was commented out, but the types sub object
was not, which then attached the types keyword to the previous
object.

Instead keep "anomaly" enabled in the yaml (not commented out)
and use the "enabled: no" to have it disabled by default.

Additonally reformat the comments to be better viewed in 80
columns.
 5 years ago
Jason Ish 61a6eaf330 htp/lzma: set limit from configuration 
Also use a default defined in Suricata, not libhtp.
 5 years ago
Jeff Lucovsky aaacbf28c2 logging/anomaly: Support configuration filter types 5 years ago