suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	ea1e13cb00	smb: suppress notice messages	7 years ago
Pierre Chifflier	576b8ef722	SMB: simplify code	7 years ago
Pierre Chifflier	cf5de0c58e	SMB: use String::from_utf8_lossy in logging functions	7 years ago
Pierre Chifflier	b5529e4ffb	SMB: use kerberos-parser to extract Real and PrincipalName	7 years ago
Victor Julien	0dfb3f0e7f	smb1: extract rename info from TRANS2 Exclude TRANS2 from generic TX lookup bypass.	7 years ago
Victor Julien	8eeda113c8	smb1: add parsing for RENAME command	7 years ago
Victor Julien	7b61f2c589	smb2: log renames	7 years ago
Victor Julien	15978d4e85	smb: if filename is missing, use '<unknown>'	7 years ago
Victor Julien	c60decd678	rust/dns: default to eve log version 2 for rust	7 years ago
Jason Ish	27fd521420	eve/dns/v2: support eve/dns v2 in rust	7 years ago
Jason Ish	57d9574839	rust/json: expose more of jansson to rust	7 years ago
Jason Ish	dfdfc478ab	eve/dns-v2: only log responses for enabled types This changes the logic a bit for v2, checking the rrtype of the query to see if the response should be logged.	7 years ago
Jason Ish	769f972185	eve/dns-v2: log authorities as a list Log the authorities just like the answers, as a list under the authorities key.	7 years ago
Giuseppe Longo	fb66d45754	doc: introduce dns compact logging	7 years ago
Giuseppe Longo	92db7be502	output-json-alert: add dns info This changes LogQuery and LogAnswer functions returning a json object instead of writing it in a log file. In this way it's possible to reuse them to add dns info into an alert. The following is an alert record with dns: { "timestamp": "2017-07-31T15:01:17.885281+0200", "event_type": "alert", "src_ip": "8.8.8.8", ... "dns": { "query": [ { "type": "query", "id": 25394, "rrname": "notifications.google.com", "rrtype": "A", "tx_id": 0 } ], "answer": { "type": "answer", "id": 25394, "rcode": "NOERROR", "answers": [ { "rrname": "notifications.google.com", "rrtype": "CNAME", "ttl": 3599, "rdata": "plus.l.google.com" }, { "rrname": "plus.l.google.com", "rrtype": "A", "ttl": 299, "rdata": "216.58.205.174" } ] } } }	7 years ago
Giuseppe Longo	6231ffc110	output-json-dns: add json logging functions This adds some public functions needed to add dns information when an alert is logged.	7 years ago
Giuseppe Longo	756bed06a8	output-json-dns: add new output formats for v2 This adds two new output formats that permits to reduce the number of line logged for a dns answer because actually an event is logged for each answer. With this patch, only an event that contains all the answers is logged. The formats are named 'detailed' and 'grouped'. The first format provides a list of answers with the following fields: - rrname - rrdata - ttl - rdata The second format provides a list of record data grouped by their type. The output below is an example of the formats: { "timestamp": "2017-11-29T10:27:18.148282+0100", "flow_id": 268864910185905, "in_iface": "wlp2s0", "event_type": "dns", "src_ip": "192.168.1.254", "src_port": 53, "dest_ip": "192.168.1.176", "dest_port": 52609, "proto": "UDP", "dns": { "type": "answer", "id": 3654, "rcode": "NOERROR", "answers": [ { "rrname": "wordpress.org", "rrtype": "A", "ttl": 544, "rdata": "66.155.40.249" }, { "rrname": "wordpress.org", "rrtype": "A", "ttl": 544, "rdata": "66.155.40.250" } ], "grouped": { "A": [ "66.155.40.249", "66.155.40.250" ] } } }	7 years ago
Giuseppe Longo	869b7c0e0c	output-json-dns: add new configuration This patch adds a new configuration for dns, introducing a "version" that permits to switch between the new and old format to provide backward compatibility. The new configuration is made up of these new fields: - version - requests (query) - response (answer) - types (custom)	7 years ago
David DIALLO	c2236ea2b3	modbus: Support Unit Identifier When destination IP address does not suffice to uniquely identify the Modbus/TCP device. Some Modbus/TCP devices act as gateways to other Modbus/TCP devices that are behind this gateways.	7 years ago
Victor Julien	71742ed52b	smb: share can't be <share_root>	7 years ago
Victor Julien	bc193242ad	smb1: add OPEN_ANDX command name for logging	7 years ago
Victor Julien	32b19fac99	smb2: don't log/track each READ/WRITE/etc	7 years ago
Victor Julien	fb986abe81	smb: log file FID/GUID as fuid	7 years ago
Victor Julien	67f0e27ca4	smb: add smb records to fileinfo	7 years ago
Victor Julien	816bd022a6	smb1: improve non nt-status handling Support SRV error, with a couple of codes. Rename statux field to status_code.	7 years ago
Victor Julien	0519807639	smb1: ignore tree_id in session setup	7 years ago
Victor Julien	286c054472	smb: improve nbss/smb record detection	7 years ago
Victor Julien	7ab071a58d	rust/smb: implement minimal record parsing in probing	7 years ago
Victor Julien	ff398deda9	rust/smb: improve protocol detection Register both pattern based detection and probing parsers.	7 years ago
Victor Julien	251a8e7deb	smb: add smb to default eve-log config	7 years ago
Victor Julien	283be3cade	smb2: break out ioctl handling	7 years ago
Victor Julien	bf08285602	smb2: parse async records	7 years ago
Victor Julien	5c26020714	smb2: add ioctl transactions to log the funcs	7 years ago
Victor Julien	75265ec376	smb2: map ioctl funcs to names List is based on Wireshark's list.	7 years ago
Victor Julien	7cd66516f0	smb: use formal MS names for disposition	7 years ago
Victor Julien	f7ed749d4f	smb: disable debug output	7 years ago
Victor Julien	eed492547c	smb1: extract server guid from negotiate	7 years ago
Victor Julien	6d56edc3de	smb2: log client and server guid from negotiate	7 years ago
Victor Julien	c56f5e11ca	smb2: log share type	7 years ago
Victor Julien	d75ebdb981	smb: log create empty filename as '<share_root>' like Bro does	7 years ago
Victor Julien	fcbeab70a4	smb1: log create 'service' fields	7 years ago
Victor Julien	90e2abaac4	smb1: use generic string parsing for trans	7 years ago
Victor Julien	76917a8732	smb1: generic smb string parse func	7 years ago
Victor Julien	668c747aee	smb1: more exact tree connect record parsing	7 years ago
Victor Julien	0ed00cf104	smb: move common parsing funcs into own file	7 years ago
Victor Julien	1c701dc50e	smb: make string parsing functions public	7 years ago
Victor Julien	1d4aac1d4d	smb1: set event on empty/malformed dialect	7 years ago
Victor Julien	c91242e71c	smb: rename file to filename in output	7 years ago
Victor Julien	caf29e92b3	smb1: parse and log timestamps in CREATE	7 years ago
Victor Julien	0e05ef7369	smb2: parse and log timestamps in CREATE	7 years ago

... 3 4 5 6 7 ...

9030 Commits (7d5f8295bc78d6268cb66723377c6f3df25354af) All Branches Search

9030 Commits (7d5f8295bc78d6268cb66723377c6f3df25354af)

All Branches