aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,935 Commits
8 Branches
165 Tags
216 MiB
main
main-8.0.x
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7807b47ca0'
${ noResults }
Commit Graph

511 Commits (7807b47ca0c5230a0ad911589f00bf7484a13e24)

Author SHA1 Message Date
Victor Julien 48972d544c doc/userguide: link to protocol details from transactional rules 2 months ago
Victor Julien 480e664b4c doc/userguide: add xbits tx scope support 
Ticket #7680.
 2 months ago
Victor Julien a1c4167d94 doc/userguide: add initial protocols overview 
Explain per protocol mechanics for rule matching.
 2 months ago
Victor Julien e2a5bc058c doc/userguide: fix DCERPC headings 2 months ago
Victor Julien be5c83ed53 doc/userguide: add rule hooks to protocol doc 
Ticket #7662.
 2 months ago
Victor Julien 91f258e2bc doc/userguide: add missing app-layer protocols 2 months ago
Victor Julien 2623e67a80 doc/userguide: add missing rule protocols 2 months ago
Philippe Antoine 3641b4eda1 detect/nfs: move nfs_procedure to rust 
Make it able to use strings on the way

Ticket: 6723
 2 months ago
Philippe Antoine 9869fb776b detect/snmp: pdu_type keyword now accepts strings 
Ticket: 6723
 2 months ago
Philippe Antoine 0553dfa814 detect/krb5: move krb5_msg_type to rust 
Makes it a generic u32 on the way

Unit tests are covered by SV tests

Ticket: 6723
 2 months ago
Philippe Antoine da486af881 detect: list-keywords cli shows integers 
Ticket: 7875
 2 months ago
Philippe Antoine b298bce0e7 detect: list-keywords cli shows multi-buffers 
Ticket: 7571
 2 months ago
Andreas Dolp cc590b54c7 doc: fix typo and missing newline in rules/ssh_keywords. 2 months ago
Juliana Fajardini 21b27597d6 doc/rules/internals: minor fixes 
Fix typo and add a reference about the classtype keyword effect.

Related to
Task #5449
 2 months ago
Fupeng Zhao e79d735374 decode/etag: ETag 802.1BR decoder 
Ticket: #3953.
 2 months ago
Philippe Antoine cb9ab951b9 detect/integers: subslice for multi-integers 2 months ago
Philippe Antoine 82f0e725a2 detect/integers: index or_absent and or_oob 
To match if array is empty, or index is out of bounds
 2 months ago
Philippe Antoine 1480cf47ab detect/integers: nb index to match a specific number of times 
For example
dns.rrtype: !A,nb>3
will match if we have more than 3 dns records which are not A
 2 months ago
Philippe Antoine 6f848eeaaf detect/integers: all1 index to match only on non-empty arrays 2 months ago
Philippe Antoine 5add185f22 http2/detect: http2.window can now use index 
Ticket: 7480
 2 months ago
Philippe Antoine 83868778b9 http2/detect: http2.priority can now use index 
Ticket: 7480
 2 months ago
Philippe Antoine 9fc407fd75 mqtt/detect: mqtt.type can now use index 
Ticket: 7480
 2 months ago
Philippe Antoine dad424d74a doc: multi-integers section for rules 
Ticket: 7480

Describing the usage of index
 2 months ago
Alice Akaki 8e0b0ef35f detect: add email.body_md5 keyword 
email.body_md5 matches on md5 hash generated from email body
This keyword maps to the EVE field email.body_md5
It is a sticky buffer
Supports prefiltering

Ticket: #7587
 2 months ago
Victor Julien 46203de0e9 doc: adjust for master to main rename 2 months ago
Juliana Fajardini 27e165f760 doc/rules/index: keep rule types doc near the end 
As this chapter is more meta than about rule keywords, keep it by the
end of the index, to have some semantic separation from the other
sections.
 2 months ago
Juliana Fajardini d5810a42e1 userguide: document how suricata processes rules 
Added a page that explains how rules are prioritized by Suri, as well
as what main different types of inspection happen and what elements are
involved when ordering rules.

Task #5449
 2 months ago
Philippe Antoine 0026019dcf doc: complete list of multi-buffers 
Ticket: 7867
 2 months ago
Philippe Antoine d0a513df6a detect/integers: support kibibyte unit 
Ticket: 7869
 3 months ago
Philippe Antoine be9858d3aa detect/integers: document usage of units 
Ticket: 7190
 3 months ago
Jeff Lucovsky 21707ab26c doc/from_base64: Emphasize keyword only values 
Emphasize that specifying the keyword only will result in the defaults
for each option to be used.

Issue: 7853
 3 months ago
Jason Ish 7a65ca10e2 doc/lua-detection: fix example script; remove most buffers 
- Reference rule hooks instead

Ticket: #7728
 4 months ago
Jason Ish 4791f37ca2 doc/lua-detection: update note to mention rules are enabled by default 
In 8.0, Lua rules are enabled by default.
 4 months ago
Philippe Antoine f4378eb306 doc/devguide: document app-layer protocol detection 
Ticket: 6022
 5 months ago
Jeff Lucovsky a300df4c4d detect/entropy: Clarify when entropy is logged 
Clarify when entropy values are logged and associated with non-alert log
records.
 5 months ago
Eric Leblond 751f3eef3b doc/userguide: fix some typos 5 months ago
Eric Leblond 6236574b9c doc/userguide: enrichment_key is now context_key 5 months ago
Eric Leblond 20a0575d96 doc/userguide: fix some typos 
Suggestions from Juliana.

Co-authored-by: Juliana Fajardini Reichow <jufajardini@gmail.com>
 5 months ago
Eric Leblond 40c545f8d9 doc/userguide: jsonline is now standard ndjson 5 months ago
Eric Leblond f724c75cc9 doc/userguide: improve datajson doc 5 months ago
Eric Leblond a652eee508 doc/userguide: remove left over datajson reference 5 months ago
Eric Leblond 7d28758a54 doc/userguide: improve datajson doc 
Patch adds ``remove_key`` option and clarifies the text.
 5 months ago
Eric Leblond 0ae88a408a doc/userguide: basic doc for jsonline format 5 months ago
Eric Leblond 9873c5d2e1 doc/userguide: add dataset with json 5 months ago
Victor Julien f2faba5a23 detect/config: add flow tracking doc 5 months ago
Victor Julien ecbcccf355 detect: add tcp.wscale keyword 
Allows matching on wscale option value in TCP header options.

Ticket: #7713.
 5 months ago
Jeff Lucovsky a8a3780276 doc/entropy: Document the entropy log output 5 months ago
Juliana Fajardini c5b9277474 doc/payload: fix typo, minor formatting changes 6 months ago
Juliana Fajardini 627b8900ef doc/rule-types: fix typo 6 months ago
Jason Ish 4a655053e8 mdns: add mdns parser, logger and detection 
The mDNS support is based heavily on the DNS support, reusing the
existing DNS parser where possible. This meant adding variations on
DNS, as mDNS is a little different. Mainly being that *all* mDNS
traffic is to_server, yet there is still the concept of request and
responses.

Keywords added are:
- mdns.queries.rrname
- mdns.answers.rrname
- mdns.additionals.rrname
- mdns.authorities.rrname
- mdns.response.rrname

They are mostly in-line with the DNS keywords, except
mdns.answers.rdata which is a better than that mdns.response.rrname,
as its actually looking at the rdata, and not rrnames.

mDNS has its own logger that differs from the DNS logger:

- No grouped logging

- In answers/additionals/authorities, the rdata is logged in a field
  that is named after the rdata type. For example, "txt" data is no
  longer logged in the "rdata" field, but instead a "txt" field. We
  currently already did this in DNS for fields that were not a single
  buffer, like SOA, SRV, etc. So this makes things more consistent. And
  gives query like semantics that the "grouped" object was trying to
  provide.

- Types are logged in lower case ("txt" instead of "TXT")

- Flags are logged as an array: "flags": ["aa", "z"]

Ticket: #3952
 6 months ago