Jason Ish
224f55ba21
detect/lua: don't treat a crashed script as no match
...
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.
Instead, clean up and exit early if the rule script crashed and don't
run negation logic.
A stat, detect.lua.errors, has been added to count how many times a
script crashes.
Also consolidates the running of the Lua script and return value
handling to a common function.
Bug: #6940
10 months ago
Philippe Antoine
2c305ba37e
pop3: protocol detection
...
Ticket: #6366
10 months ago
Giuseppe Longo
01586d884d
output-json/arp: implement logger
...
This adds a logger for ARP, disabled by default.
Ticket #6827
10 months ago
Giuseppe Longo
5219a5da5f
decode/arp: implement decoder
...
This adds a decoder for ARP.
Ticket #6827
10 months ago
Shivani Bhardwaj
329ac61961
eve/stats: add description for ips
...
Ticket 6434
10 months ago
Shivani Bhardwaj
861ffff972
eve/stats: add description for transactions
...
Ticket 6434
10 months ago
Giuseppe Longo
bff790b6ac
rust/sdp: implement logger
...
This implements a logger for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.
Ticket #6627
10 months ago
Philippe Antoine
0291d37009
websocket: configurable logging of payload in alerts
11 months ago
Philippe Antoine
44b6aa5e4b
app-layer: websockets protocol support
...
Ticket: 2695
11 months ago
Sascha Steinbiss
120313f4da
ja4: implement for TLS and QUIC
...
Ticket: OISF#6379
11 months ago
Jeff Lucovsky
2dfa4cecb5
stats: Memcap pressure max relocation
...
This commit moves the memcap pressure/pressure_max stats from the global
stats namespace into the memcap namespace.
With per-thread stats, they will be within the flow-manager's values.
Issue: 6398
11 months ago
Juliana Fajardini
caf590d51f
stream/midstream: add counter for exception policy
...
Add stats counters for when there is an exception policy applied in case
of a session picked up midstream.
Task #5816
11 months ago
Juliana Fajardini
fd9a20ffcf
stream/reassemble: add exception policy counters
...
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.
Task #5816
11 months ago
Juliana Fajardini
2dee3772bf
stream/tcp: add ssnmemcap exception policy counter
...
Add stats counters for exception policies applied in case a stream
session memcap is hit.
Task #5816
11 months ago
Juliana Fajardini
a71ace8575
applayer: add stats counters for exception errors
...
Add stats counters for when exception policies are applied for app-layer errors.
Part of Task #5816
11 months ago
Juliana Fajardini
485c0e1d9a
defrag: add exception policy memcap stats counters
...
Add defrag memcap stats counter.
Task #5816
11 months ago
Juliana Fajardini
657419b53e
decode/flow: add exception policy stats counters
...
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.
Task #5816
11 months ago
Juliana Fajardini
ce001d8eae
schema: apply clang formatting changes
11 months ago
Arne Welzel
f9cf87a003
schema: Add stats.capture and in_iface properties
...
New suricata-verify test listens on loopback interface, resulting
in the capture and in_iface fields in the stats and event objects.
12 months ago
Jason Ish
c2ecae9b82
schema: add flow.wrong_thread
1 year ago
Giuseppe Longo
c9d309219e
rust/sip: register parser for tcp
...
This patch lets the parser work over the tcp protocol, taking care of handling
data before calling the request/response parsers.
Ticket #3351.
1 year ago
Hadiqa Alamdar Bukhari
6c193b1a3d
dns: add missing dns keywords to schema.json
...
Found and added missing dns fields in schema.json after manual code review.
Added description to these newly added dns fields.
Feature #5642
1 year ago
Shivani Bhardwaj
487ba82fb9
eve/stats: add description for applayer flows
...
Ticket 6434
1 year ago
Shivani Bhardwaj
8817514bea
eve/stats: add description for expectations
...
Ticket 6434
1 year ago
Shivani Bhardwaj
1816e98ef0
eve/stats: add description for applayer errors
...
Ticket 6434
1 year ago
Shivani Bhardwaj
5a1a32ba5b
eve/stats: add description for common fields
...
Ticket 6434
1 year ago
Jason Ish
90ae3a223f
eve/schema: allow authorities in dns.answers in alert
...
Factor out dns.authorities to a definition.
1 year ago
Jason Ish
b453eea150
stats: add rules skipped
...
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.
Feature: #6637
1 year ago
Philippe Antoine
f714678d72
schema: adds missing modbus field
...
./stats/app_layer/error/modbus
1 year ago
Juliana Fajardini
467c3f2c64
schema: apply clang formatting changes
1 year ago
Juliana Fajardini
30ac77ce65
pgsql: add cancel request message
...
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.
Task #6577
1 year ago
Philippe Antoine
8c5310aefd
doc: quic in eve/schema
...
Ticket: #6076
1 year ago
Jeff Lucovsky
904f0ddeee
stats: Track stream reassembly drops
...
Issue: 6235
1 year ago
Yatin Kanetkar
b67ff4badf
dhcp: Log Vendor Client Identifier (dhcp option 60)
...
* Log vendor client identifier (dhcp option 60) if extended dhcp
logging is turned on. This required the `vendor_client_identifier` to
be added to the json schema. Validation done using an SV Test
* Added `requested_ip` to the json schema as well, since it was
missed. My SV test failed without it.
Feature #4587
2 years ago
Jason Ish
3802a51552
eve/schema: add host
...
The "host" field is added to EVE events if the "sensor-name" field is
configured in suricata.yaml.
2 years ago
Jeff Lucovsky
424f12d1b3
schema: Add memcap pressure values
...
Issue: 6094
This commit extends the EVE schema with memcap_pressure values; these
are included in the stat event type records.
2 years ago
Philippe Antoine
b12a35c3cf
output: add storing boolean for files
...
When the filestore keyword is triggered, the file is not yet stored when
the alert is generated, but only marked for storing.
Ticket: 4881
2 years ago
Philippe Antoine
f35052941d
jsonschema: add missing field .files[].file_id
2 years ago
Victor Julien
1f9767a9cb
stats: add drop reason counters
...
{
    "accepted": 296185,
    "blocked": 162,
    "rejected": 0,
    "replaced": 0,
    "drop_reason": {
        "decode_error": 0,
        "defrag_error": 0,
        "defrag_memcap": 0,
        "flow_memcap": 0,
        "flow_drop": 94,
        "applayer_error": 0,
        "applayer_memcap": 0,
        "rules": 3,
        "threshold_detection_filter": 0,
        "stream_error": 63,
        "stream_memcap": 0,
        "stream_midstream": 2,
        "nfq_error": 0,
        "tunnel_packet_drop": 0
    }
}
Ticket: #6230.
2 years ago
Victor Julien
735c37c668
eve/schema: add ips capture stats
2 years ago
Juliana Fajardini
0437173848
output/drop: add verdict field
...
Related to Bug #5464
2 years ago
Juliana Fajardini
53b8defd79
output/alert: add verdict field
...
Related to Bug #5464
2 years ago
Philippe Antoine
4f4651e360
output/file: http2 metadata is logged in http object
...
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2.
Ticket: #6165
2 years ago
Juliana Fajardini
05417407b3
schema: add missing flow event property: emergency
2 years ago
Jeff Lucovsky
9dc68ac59a
json/schema: Add additional VLAN layer stat
...
Issue: 2816
This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
2 years ago
Eric Leblond
a73c9b0e40
output: target keys have port
...
Update JSON schema to support signature with target keyword
2 years ago
Victor Julien
a8057eeed8
eve/schema: spelling
2 years ago
Philippe Antoine
416a780f69
jsonschema: do not enforce keys for alert metadata
...
As this is a free field and can have any key based on a rule.
2 years ago
Jason Ish
3a44197183
schema: add "message_id" to email
2 years ago
Jason Ish
bf079c9214
schema: fix optional
...
"optional" is not part of jsonschema. Instead an array named "required"
is used to list all field names that are required.
2 years ago