Commit Graph

324 Commits (7bc2469eb1ce91d6901c934579487f74fc5652e3)

Author SHA1 Message Date
Maurizio Abba bce7c2dd87 eve/http: add tx->request_port_number as http_port
Add the port specified in the hostname (if any) to the http object in
eve. The port may be different from the dest_port used by the TCP flow.
7 years ago
Eric Leblond 173e5a1c58 doc: iprep supports CIDR networks 7 years ago
Victor Julien 7c884e0850 doc: update multi-tentant for device feature 7 years ago
Danny Browning 2dc6b6ee14 source-pcap-file: delete when done (2417)
https://redmine.openinfosecfoundation.org/issues/2417

Add option to have pcap files deleted after they have been processed.
This option combines well with pcap file continuous and streaming
files to a directory being processed.
7 years ago
Jason Ish ede94e1f66 doc: alphabetize EXTRA_DIST 7 years ago
Jason Ish ff73d908aa doc: add window ips inline doc to extra_dist 7 years ago
Jason Ish d2142cf433 doc: make warnings errors when building man page 7 years ago
Jason Ish 01f477786e doc: link in windows ips setup page 7 years ago
Jacob Masen-Smith ec77632e84 Adds WinDivert support to Windows builds
Enables IPS functionality on Windows using the open-source
(LGPLv3/GPLv2) WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
    string]` command-line options to enable WinDivert IPS mode.
    `--windivert[-forward] true` will open a filter for all traffic. See
    https://www.reqrypt.org/windivert-doc.html#filter_language for more
    information.

Limitation: currently limited to `autofp` runmode.

Additionally:
- `tmm_modules` now zeroed during `RegisterAllModules`
- fixed Windows Vista+ `inet_ntop` call in `PrintInet`
- fixed `GetRandom` bug (nonexistent keys) on fresh Windows installs
- fixed `RandomGetClock` building on Windows builds
- Added WMI queries for MTU
7 years ago
Chris Speidel 1e8959b465 doc: fix minor typo 7 years ago
Victor Julien 693a3df031 tls: document encrypt-handling option
Document in sample yaml and user guide.
7 years ago
Victor Julien c677e07d3e kerberos: minor doc updates, add author 7 years ago
Jason Ish fb85822730 dhcp: update user guide 7 years ago
Pierre Chifflier c51ff32adb Document Kerberos 5 parsing events 7 years ago
Pierre Chifflier 1076c7cd47 Add krb5_err_code detection keyword 7 years ago
Pierre Chifflier d6b9c0294a Add krb5_cname and krb5_sname detection keywords 7 years ago
Pierre Chifflier 0bd81ff838 Add krb5_msg_type detection keyword 7 years ago
Pierre Chifflier 1e5f5d405f Kerberos 5: add support for TCP as well 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 8 years ago
Max Fillinger ce270a8f6a Add info about pcap log compression to user guide 8 years ago
Eric Leblond e249ce29bb doc: add lua directory to Makefile 8 years ago
Victor Julien 4a90dced8e doc/lua: small update to the usage intro 8 years ago
Eric Leblond 2546e86a16 doc: document lua function about flow var 8 years ago
Eric Leblond 0c4bf2d332 doc: add a lua support top level section
Both output and signature are using lua. So lua functions should
be displayed in a single section.
8 years ago
Eric Leblond 293b00798e doc: document lua TLS functions 8 years ago
Pascal Delalande e3c5784dd5 doc: minor updates (tls custom, TODO removal, ftp/smb file rules) 8 years ago
Victor Julien 83bf60d897 doc: add ntlmssp, kerberos and other setup fields 8 years ago
Richard Sailer dc07c1fe13 lua output doc: Use more descriptive variable names in the examples
This also removes the "args" parameter of the hooking functions in the examples,
since this parameter is unused in all functions.
It would not be very helpful anyways since 3 of the 4 functions don't get passed
any parameters. The only exception is init() which gets a table containing:
  script_api_ver = 1
8 years ago
Richard Sailer 3307f7a94e lua output doc: Add explaining introduction text 8 years ago
Victor Julien e09027915a doc: fix json formatting in smb doc 8 years ago
Victor Julien 67e81a9555 doc: initial smb eve documentation 8 years ago
Victor Julien 78437375c4 doc: add by_either to suppress explanation 8 years ago
Victor Julien 2c259f2239 doc: add smb section to yaml 8 years ago
Victor Julien 13bdcd5249 doc: minor fix 8 years ago
Victor Julien 1edd9d19fc doc: add SMB to file extraction. Minor improvements. 8 years ago
Victor Julien b4771150b8 doc: update suricata-update screenshot 8 years ago
Victor Julien b531e7725d doc: improve suricata-update docs now that its bundled 8 years ago
Victor Julien ac1ed24cb4 doc: improve making sense of alerts 8 years ago
Victor Julien ccde621ceb doc: add suricata-update to intro for rules 8 years ago
Pierre Chifflier 6eb48e1e93 Add ikev2 to userguide 8 years ago
Victor Julien 26e807ca34 doc: fix http_header_names example 8 years ago
Eric Leblond 0a72d5be96 doc: fix typo in unix socket doc
Also fixes a dead link to code.
8 years ago
Eric Leblond 975f413308 doc: more info on unix socket rule reload 8 years ago
Eric Leblond e2aab10d29 doc: fix typo in ebpf xdp doc 8 years ago
Mats Klepsland 47a7ebbbc2 doc: add JA3 fields to the TLS logger documentation 8 years ago
Mats Klepsland fb0bfb614f doc: add documentation for Ja3GetString Lua function 8 years ago
Mats Klepsland 2514553098 doc: add documentation for Ja3GetHash Lua function 8 years ago
Mats Klepsland a357f52fa5 doc: add documentation for ja3_string keyword 8 years ago
Mats Klepsland 38cc6f595f doc: add documentation for ja3_hash keyword 8 years ago
Giuseppe Longo fb66d45754 doc: introduce dns compact logging 8 years ago