Commit Graph

9858 Commits (509a54281fddd9a43523e8d2e459903002d4efb6)

Author SHA1 Message Date
Mats Klepsland b1d5fe9657 lua: add Ja3SGetHash function
Add Ja3SGetHash() to return the content of the JA3S hash buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_hash.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_hash = Ja3SGetHash()
      if ja3s_hash == nil then
          return
      end

      file:write(ja3s_hash .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

In the example above, each JA3S hash is logged to a log file.
6 years ago
Mats Klepsland 800608ab65 userguide: add JA3S fields to the TLS logger documentation 6 years ago
Mats Klepsland a4eaef25d6 eve: add JA3S field to TLS JSON logger
Add JA3S object to TLS JSON logger (extended log).
6 years ago
Mats Klepsland a4471987ba app-layer-ssl: generate JA3S fingerprints
Generate JA3S fingerprints based on fields in the ServerHello record.
6 years ago
Alexander Gozman 3a16009966 Bug #2965: fix NFQ arguments parsing 6 years ago
Andreas Herz 8baf64f5e9 af-packet: fix setting block_timeout value through afpconfig 6 years ago
Jeff Lucovsky 8a94b93b7b doc: Anomaly logging documentation
This changeset adds discussion of anomaly log records and
the anomaly log record format.
6 years ago
Jeff Lucovsky 462a4e2b5b detect/analyzer: Improve warning message
This changeset modifies the warning printed when a rule
is determined to detect in both directions.
6 years ago
Eric Leblond 5d76f0897c af-packet: remove rollover reference
This patch removes the reference to rollover in the configuration file
and adds warnings when it is used.
6 years ago
Philippe Antoine 037d50ef06 signature: fix overflow in parsing 6 years ago
Philippe Antoine 3e12066819 http: adds events for each libhtp log
Fixes #997
6 years ago
Mats Klepsland 3c57ac144c detect-ssl-version: move unittests to tests/ 6 years ago
Mats Klepsland 238797cc66 detect-ssl-state: move unittests to tests/ 6 years ago
Mats Klepsland 479e73b98e detect-tls-version: move unittests to tests/ 6 years ago
Mats Klepsland 767bde5e74 detect-tls-cert-validity: move unittests to tests/ 6 years ago
Mats Klepsland a260a57b68 detect-tls-sni: move unittests to tests/ 6 years ago
Mats Klepsland adb4da3975 detect-tls-ja3-string: move unittests to tests/ 6 years ago
Mats Klepsland 74a7b7e3cf detect-tls-ja3-hash: move unittests to tests/ 6 years ago
Mats Klepsland 5d3b94b3e4 detect-tls-cert-subject: move unittests to tests/ 6 years ago
Mats Klepsland 0d728ee4c6 detect-tls-cert-serial: move unittests to tests/ 6 years ago
Mats Klepsland e125e58c97 detect-tls-cert-issuer: move unittests to tests/ 6 years ago
Mats Klepsland 3646234ac5 detect-tls-cert-fingerprint: move unittests to tests/ 6 years ago
Mats Klepsland 12d37b8b2c detect-tls: tidy up unittests
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
6 years ago
Mats Klepsland 15012fc908 ja3: check if JA3 is disabled on one line 6 years ago
Mats Klepsland 285855d928 detect-tls: remove NULL settings from keyword registration 6 years ago
Mats Klepsland 008f08c1b3 detect-tls: declare ssl_state as const in GetData() 6 years ago
Mats Klepsland 0f7f35bd85 detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and
DetectSignatureSetAppProto().
6 years ago
Mats Klepsland 1c04d7cdae detect-tls: remove confusing underscores from variables
Remove confusing underscore prefix from variables in GetData() for
all tls keywords.
6 years ago
Mats Klepsland 7020cffaa8 userguide: 'sticky' instead of 'Sticky' for all tls keywords 6 years ago
Jeff Lucovsky de983fb7c9 app-layer-ftp: Potential memory leak fixed
Ensure that when handling failures during STOR command
processing, all memory is freed on the error path.
6 years ago
Mats Klepsland 03d986dd55 userguide: add documentation for tls.certs keyword 6 years ago
Mats Klepsland ba857e9739 detect: add tls.certs keyword
Add keyword to do "raw" matching on each of the certificates in the
TLS certificate sticky buffer.

Example:
  alert tls any any -> any any (msg:"tls.certs test"; tls.certs; \
          content:"|01 02 03 04|"; sid:1;)
6 years ago
Victor Julien edae50de94 detect/ssh: fix ssh.protoversion memory leak 6 years ago
Victor Julien 567a7c3cef detect/ssh: mark old ssh keywords as deprecated 6 years ago
Victor Julien d623dc4ac0 detect/parse: add flag to indicate keyword is deprecated
Issue warning when it is still used.
6 years ago
Victor Julien b84eba80aa detect/nfs.version: minor cleanups 6 years ago
Victor Julien 2ea11da230 detect/nfs: add nfs.version 6 years ago
Victor Julien 3299f007f8 detect/dcerpc: add dcerpc.iface
Keep dce_iface as an alias.
6 years ago
Victor Julien cdff1d50b7 detect/dcerpc.opnum: minor code cleanups 6 years ago
Victor Julien 6840e5c7df detect/dcerpc: add dcerpc.opnum as new name for dce_opnum 6 years ago
Jeff Lucovsky cc492c50c8 eve/logging: disable anomaly logging by default
Disable anomaly logging by default. Networks with excessive issues may
experience packet processing degradation.
6 years ago
Philippe Antoine b6b7778e2d http: adds event for header repetition 6 years ago
Jason Ish 9d8eb7b5f0 filestore: remove jansson ifdefs
Jansson is now required.
6 years ago
Jason Ish 3dc973d4b1 eve/file: remove rust and jansson ifdefs.
Both Rust and Jansson are required now.
6 years ago
Jason Ish 42c327adc4 filestore: fix leak in constructing json
Use json_array_append_new instead of json_array_append to transfer
ownership of the integer object to jansson so it gets freed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2961
6 years ago
Victor Julien ddfcf76c57 detect/engine: make DetectAppLayerMpmRegister deprecated 6 years ago
Victor Julien 752bb1c410 detect/dnp3: add dnp3.data with v2 api support
Adds MPM support as well. Adds TxDetectFlags support to the parser
to avoid duplicate matches.
6 years ago
magenbluten 09a21627d5 filestore: fix dropping of unwanted files (Issue #2853) 6 years ago
Victor Julien 9132e4032a files: open files with track id only 6 years ago
Victor Julien 3b31bad855 detect/dce_stub_data: add dcerpc.stub_data
Also use v2 API for inspect and mpm registration.
6 years ago