Commit Graph

111 Commits (405491c3fcdd8c30cdd66e3ef922f0b8a8717a9e)

Author SHA1 Message Date
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts
Ticket: 7098
8 months ago
Victor Julien 869d5492dc eve/schema: update for alpn 8 months ago
Victor Julien 7f474af1d0 eve/schema: minor enip reformat 8 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts string enumerations as values.
- add enip.status keyword
- add keywords:
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
9 months ago
Shivani Bhardwaj de1de53e2f eve/stats: add description for flow mgr & recycler
Ticket 6434
9 months ago
Philippe Antoine 9332bc2c45 dns: adds missing NS field in json schema 9 months ago
Philippe Antoine 8d4699fbba eve/schema: complete and reorder smtp fields
received and cc were missing
9 months ago
Victor Julien 1190e426f9 defrag: remove trackers on lookup
When looking up a tracker, remove any timed out / completed trackers.
9 months ago
Victor Julien 75b78d7643 defrag: add defrag.memuse counter
Gives a current snapshot of the memory in use by the defrag engine.
9 months ago
Victor Julien 83dc703d1f defrag: add various counters 9 months ago
Victor Julien fc05d253d2 defrag: add defrag.mgr.tracker_timeout counter
Updated by flow manager.
9 months ago
Victor Julien 76e05c72f6 eve/schema: reformat 9 months ago
Jason Ish 10e6028175 lua: track memory limit exceeded errors
Update the Lua allocator to set a code on memory allocation limit
exceeded errors so an appropriate error message can be logged and a
state incremented.

Fixes the tracking of the allocated size by using the difference
between original size, and new size and toss in some debug
validations.
9 months ago
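The commit above describes two things a limit-enforcing Lua allocator has to get right: accounting by the difference between the old and new size of a block, and reporting a limit hit as a distinct error code rather than a generic failure. The following is an added example, not Suricata's allocator or any code from the project: a stand-alone C function with the `lua_Alloc` calling convention (`ud, ptr, osize, nsize`) that keeps a running byte count, refuses a request that would cross a configurable limit, and increments a counter when it does. The struct and function names (`mem_tracker_t`, `tracked_alloc`, `demo_allocator`) are hypothetical. One caveat it handles explicitly: when `ptr` is NULL, Lua passes a type tag in `osize`, not a size, so the old size must be treated as zero or the accounting drifts.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracker state (example, not Suricata's): bytes in use,
 * high-water mark and a counter for refused allocations. */
typedef struct {
    size_t limit;            /* maximum bytes allowed, 0 = unlimited */
    size_t allocated;        /* bytes currently accounted for */
    size_t peak;             /* highest value of allocated seen */
    unsigned limit_exceeded; /* how often a request was refused */
} mem_tracker_t;

/* Allocator with the lua_Alloc contract:
 *   ptr == NULL  -> new block; osize then carries a Lua type tag, NOT a size
 *   nsize == 0   -> free ptr (osize is its size)
 *   otherwise    -> resize ptr from osize to nsize
 * Accounting uses the difference between old and new size, so a shrink
 * credits bytes back and a grow only charges the delta. */
void *tracked_alloc(void *ud, void *ptr, size_t osize, size_t nsize)
{
    mem_tracker_t *t = ud;
    size_t old = (ptr != NULL) ? osize : 0;  /* ignore the type tag */

    if (nsize == 0) {
        free(ptr);
        t->allocated -= old;
        return NULL;
    }

    if (nsize > old) {
        size_t grow = nsize - old;
        if (t->limit != 0 && t->allocated + grow > t->limit) {
            t->limit_exceeded++;  /* distinct from a plain realloc failure */
            return NULL;          /* Lua reports this as a memory error */
        }
    }

    void *n = realloc(ptr, nsize);
    if (n == NULL)
        return NULL;              /* ptr still valid, accounting unchanged */

    t->allocated = t->allocated - old + nsize;
    if (t->allocated > t->peak)
        t->peak = t->allocated;
    return n;
}

typedef struct {
    size_t remaining;   /* bytes still accounted for at the end (expect 0) */
    size_t peak;
    unsigned exceeded;
    int ok;             /* 0 if the sequence could not be completed */
} demo_result_t;

/* Constructed sequence: allocate, grow, shrink, attempt an over-limit
 * request, free. Returns the tracker's view so the accounting can be
 * checked without inspecting printed output. */
demo_result_t demo_allocator(size_t limit)
{
    mem_tracker_t t = { limit, 0, 0, 0 };
    demo_result_t r = { 0, 0, 0, 0 };

    /* New block: 99 stands in for a Lua type tag and must not be counted. */
    char *p = tracked_alloc(&t, NULL, 99, 100);
    if (p == NULL)
        return r;
    memset(p, 'A', 100);

    char *q = tracked_alloc(&t, p, 100, 400);   /* grow: charges +300 */
    if (q == NULL) { tracked_alloc(&t, p, 100, 0); return r; }

    char *s = tracked_alloc(&t, q, 400, 50);    /* shrink: credits 350 */
    if (s == NULL) { tracked_alloc(&t, q, 400, 0); return r; }

    /* A request of 'limit' bytes on top of the 50 in use crosses the limit. */
    size_t big = (limit != 0) ? limit : 1;
    void *d = tracked_alloc(&t, NULL, 99, big);
    if (d != NULL)
        tracked_alloc(&t, d, big, 0);

    tracked_alloc(&t, s, 50, 0);

    r.remaining = t.allocated;
    r.peak = t.peak;
    r.exceeded = t.limit_exceeded;
    r.ok = 1;
    return r;
}

int main(void)
{
    demo_result_t r = demo_allocator(1024);
    printf("ok=%d remaining=%zu peak=%zu limit_exceeded=%u\n",
           r.ok, r.remaining, r.peak, r.exceeded);
    return 0;
}
```

With a 1024-byte limit the sequence completes, the over-limit request is refused exactly once, and the byte count returns to zero after the final free; with a 200-byte limit the grow to 400 bytes is the refused request and the demo aborts early. If the type tag were mistakenly counted as a size, `remaining` would not return to zero.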
Jason Ish 5a1cba72f0 lua: add logging and counter for instruction limit being exceeded 9 months ago
Jason Ish c8fa454cb2 lua: add blocked functions as a special log type plus stat
Distinguish between a generic Lua script error and an error created by a
function being blocked, so each is logged once respective of each other.

Also add a stat that is incremented when a script fails due to a
blocked function.

NOTE: This does not catch calls to functions that are blocked by not
having the library loaded, such as "io.open", as they are blocked by
not even loading the "io" library.
9 months ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields
Feature 5234
9 months ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
10 months ago
Philippe Antoine 2c305ba37e pop3: protocol detection
Ticket: #6366
10 months ago
Giuseppe Longo 01586d884d output-json/arp: implement logger
This adds a logger for ARP, disabled by default.

Ticket #6827
10 months ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder
This adds a decoder for ARP.

Ticket #6827
10 months ago
Shivani Bhardwaj 329ac61961 eve/stats: add description for ips
Ticket 6434
10 months ago
Shivani Bhardwaj 861ffff972 eve/stats: add description for transactions
Ticket 6434
10 months ago
Giuseppe Longo bff790b6ac rust/sdp: implement logger
This implements a logger for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627
10 months ago
Philippe Antoine 0291d37009 websocket: configurable logging of payload in alerts 11 months ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support
Ticket: 2695
11 months ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC
Ticket: OISF#6379
11 months ago
Jeff Lucovsky 2dfa4cecb5 stats: Memcap pressure max relocation
This commit moves the memcap pressure/pressure_max stats from the global
stats namespace into the memcap namespace.

With per-thread stats, they will be within the flow-manager's values.

Issue: 6398
11 months ago
Juliana Fajardini caf590d51f stream/midstream: add counter for exception policy
Add stats counters for when there is an exception policy applied in case
of a session picked up midstream.

Task #5816
11 months ago
Juliana Fajardini fd9a20ffcf stream/reassemble: add exception policy counters
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.

Task #5816
11 months ago
Juliana Fajardini 2dee3772bf stream/tcp: add ssnmemcap exception policy counter
Add stats counters for exception policies applied in case a stream
session memcap is hit.

Task #5816
11 months ago
Juliana Fajardini a71ace8575 applayer: add stats counters for exception errors
Add stats counters for when exception policies are applied for app-layer errors

Part of
Task #5816
11 months ago
Juliana Fajardini 485c0e1d9a defrag: add exception policy memcap stats counters
Add defrag memcap stats counter.

Task #5816
11 months ago
Juliana Fajardini 657419b53e decode/flow: add exception policy stats counters
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.

Task #5816
11 months ago
Juliana Fajardini ce001d8eae schema: apply clang formatting changes 11 months ago
Arne Welzel f9cf87a003 schema: Add stats.capture and in_iface properties
New suricata-verify test listens on loopback interface, resulting
in the capture and in_iface fields in the stats and event objects.
12 months ago
Jason Ish c2ecae9b82 schema: add flow.wrong_thread 1 year ago
Giuseppe Longo c9d309219e rust/sip: register parser for tcp
This patch lets the parser work over the tcp protocol, taking care of handling
data before calling the request/response parsers.

Ticket #3351.
1 year ago
Hadiqa Alamdar Bukhari 6c193b1a3d dns: add missing dns keywords to schema.json
Found and added missing dns fields in schema.json after manual code review.
Added description to these newly added dns fields.
Feature #5642
1 year ago
Shivani Bhardwaj 487ba82fb9 eve/stats: add description for applayer flows
Ticket 6434
1 year ago
Shivani Bhardwaj 8817514bea eve/stats: add description for expectations
Ticket 6434
1 year ago
Shivani Bhardwaj 1816e98ef0 eve/stats: add description for applayer errors
Ticket 6434
1 year ago
Shivani Bhardwaj 5a1a32ba5b eve/stats: add description for common fields
Ticket 6434
1 year ago
Jason Ish 90ae3a223f eve/schema: allow authorities in dns.answers in alert
Factor out dns.authorities to a definition.
1 year ago
Jason Ish b453eea150 stats: add rules skipped
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.

Feature: #6637
1 year ago
Philippe Antoine f714678d72 schema: adds missing modbus field
./stats/app_layer/error/modbus
1 year ago
Juliana Fajardini 467c3f2c64 schema: apply clang formatting changes 1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
1 year ago
Philippe Antoine 8c5310aefd doc: quic in eve/schema
Ticket: #6076
1 year ago
Jeff Lucovsky 904f0ddeee stats: Track stream reassembly drops
Issue: 6235
1 year ago
Yatin Kanetkar b67ff4badf dhcp: Log Vendor Client Identifier (dhcp option 60)
* Log vendor client identifier (dhcp option 60) if extended dhcp
logging is turned on. This required the `vendor_client_identifier` to
be added to the json schema. Validation done using an SV Test
* Added `requested_ip` to the json schema as well, since it was
missed. My SV test failed without it.

Feature #4587
2 years ago