Commit Graph

9819 Commits (a5f1f19b275bd7c09b4f4cf934d47e476bdddf7d)

Author SHA1 Message Date
Victor Julien a5f1f19b27 travis: move checks into script
This makes error handling easier and more robust:
https://docs.travis-ci.com/user/job-lifecycle#complex-build-commands
6 years ago
Victor Julien 68455caa6a travis: add sphinx to trigger doc build 6 years ago
Mats Klepsland f634da61c9 ja3s-string: move unittests to tests/ 6 years ago
Mats Klepsland 736d35f36e ja3s-hash: move unittests to tests/ 6 years ago
Mats Klepsland b59e82a642 userguide: add documentation for ja3s.string keyword 6 years ago
Mats Klepsland 0b489f329c detect: add (mpm) keyword ja3s.string
Match on JA3S string using ja3s.string keyword, e.g.:

  alert tls any any -> any any (msg:"ja3s.string test";
      ja3s.string; content:"10-11-12"; sid:1;)
6 years ago
Mats Klepsland 76b94c7073 userguide: add documentation for ja3s.hash keyword 6 years ago
Mats Klepsland 80cee50916 detect: add (mpm) keyword ja3s.hash
Match on JA3S hash using ja3s.hash keyword, e.g.:

  alert tls any any -> any any (msg:"ja3s.hash test";
      ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; sid:1;)
6 years ago
Mats Klepsland d15903a2ef userguide: add documentation for Ja3SGetString Lua function 6 years ago
Mats Klepsland 03e8e658d7 lua: add Ja3SGetString function
Add Ja3SGetString() to return the content of the JA3S string buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_string.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_string = Ja3SGetString()
      if ja3s_string == nil then
          return
      end

      file:write(ja3s_string .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end
6 years ago
Mats Klepsland 37a0594417 userguide: add documentation for JA3SGetHash Lua function 6 years ago
Mats Klepsland b1d5fe9657 lua: add Ja3SGetHash function
Add Ja3SGetHash() to return the content of the JA3S hash buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_hash.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_hash = Ja3SGetHash()
      if ja3s_hash == nil then
          return
      end

      file:write(ja3s_hash .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

In the example above, each JA3S hash is logged to a log file.
6 years ago
Mats Klepsland 800608ab65 userguide: add JA3S fields to the TLS logger documentation 6 years ago
Mats Klepsland a4eaef25d6 eve: add JA3S field to TLS JSON logger
Add JA3S object to TLS JSON logger (extended log).
6 years ago
Mats Klepsland a4471987ba app-layer-ssl: generate JA3S fingerprints
Generate JA3S fingerprints based on fields in the ServerHello record.
6 years ago
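The commits above add JA3S generation from the ServerHello, expose the result as the ja3s.string / ja3s.hash keywords and the Ja3SGetString() / Ja3SGetHash() Lua functions, but none of the messages spell out what the fingerprint is made of. The following is an added illustration, not Suricata's own code: it builds a constructed ServerHello record (test data, not a capture), parses it with bounds checks so that a truncated or malformed hello raises instead of producing a fingerprint, and derives the JA3S string (legacy version field, cipher suite, extension types, all decimal) and its MD5. Assumptions: GREASE extension values are skipped, following the JA3 convention, and the version field in the hello body is used as-is even when TLS 1.3 is negotiated via supported_versions; check both against the implementation whose hashes you intend to match.

```python
import hashlib
import struct

# GREASE values (RFC 8701); skipped so that randomised placeholders do not
# change the fingerprint. Assumption: the implementation you match does the same.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def build_server_hello(version, cipher, extensions):
    """Construct a minimal ServerHello TLS record for testing (constructed data,
    not produced by any real server): record header, handshake header, body."""
    ext_bytes = b"".join(struct.pack("!HH", etype, len(data)) + data
                         for etype, data in extensions)
    body = (struct.pack("!H", version)      # server_version
            + b"\x11" * 32                   # random (constructed)
            + b"\x00"                        # session_id length 0
            + struct.pack("!H", cipher)      # cipher_suite
            + b"\x00"                        # compression_method null
            + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # type ServerHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello(record):
    """Return (version, cipher, extension_types) or raise ValueError on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake message")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ServerHello body")
    version = struct.unpack("!H", body[0:2])[0]
    off = 34                                 # version (2) + random (32)
    sid_len = body[off]
    off += 1 + sid_len
    if off + 3 > len(body):
        raise ValueError("truncated after session_id")
    cipher = struct.unpack("!H", body[off:off + 2])[0]
    off += 3                                 # cipher (2) + compression_method (1)
    exts = []
    if off < len(body):                      # extensions block is optional
        if off + 2 > len(body):
            raise ValueError("truncated extensions length")
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        if end != len(body):
            raise ValueError("extensions length mismatch")
        while off < end:
            if off + 4 > end:
                raise ValueError("truncated extension header")
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            if off + elen > end:
                raise ValueError("extension data overruns extensions block")
            off += elen
            if etype not in GREASE:
                exts.append(etype)
    return version, cipher, exts


def ja3s_string(version, cipher, exts):
    """JA3S string: SSLVersion,Cipher,SSLExtension (decimal, extensions dash-joined)."""
    return "{},{},{}".format(version, cipher, "-".join(str(e) for e in exts))


def ja3s_hash(s):
    """JA3S hash is the MD5 hex digest of the JA3S string."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


def fingerprint(record):
    """Parse a ServerHello record and return (ja3s_string, ja3s_hash)."""
    s = ja3s_string(*parse_server_hello(record))
    return s, ja3s_hash(s)


# Constructed sample: TLS 1.2, ECDHE-ECDSA-AES128-GCM-SHA256, renegotiation_info,
# a GREASE extension (must be ignored), server_name, ec_point_formats, session_ticket.
SAMPLE_SERVER_HELLO = build_server_hello(0x0303, 0xc02b, [
    (0xff01, b"\x00"), (0x0a0a, b""), (0x0000, b""), (0x000b, b"\x01\x00"), (0x0023, b""),
])

if __name__ == "__main__":
    print(fingerprint(SAMPLE_SERVER_HELLO))
```

The resulting string for the sample is 771,49195,65281-0-11-35; its MD5 is the value you would place in a ja3s.hash rule, while the string itself is what Ja3SGetString() returns and what ja3s.string matches on. Because the string carries the extension order, two servers with the same cipher but different extension ordering fingerprint differently.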
Alexander Gozman 3a16009966 Bug #2965: fix NFQ arguments parsing 6 years ago
Andreas Herz 8baf64f5e9 af-packet: fix setting block_timeout value through afpconfig 6 years ago
Jeff Lucovsky 8a94b93b7b doc: Anomaly logging documentation
This changeset adds discussion of anomaly log records and
the anomaly log record format.
6 years ago
Jeff Lucovsky 462a4e2b5b detect/analyzer: Improve warning message
This changeset modifies the warning printed when a rule
is determined to detect in both directions.
6 years ago
Eric Leblond 5d76f0897c af-packet: remove rollover reference
This patch removes the reference to rollover in the configuration file
and adds warnings when it is used.
6 years ago
Philippe Antoine 037d50ef06 signature: fix overflow in parsing 6 years ago
Philippe Antoine 3e12066819 http: adds events for each libhtp log
Fixes #997
6 years ago
Mats Klepsland 3c57ac144c detect-ssl-version: move unittests to tests/ 6 years ago
Mats Klepsland 238797cc66 detect-ssl-state: move unittests to tests/ 6 years ago
Mats Klepsland 479e73b98e detect-tls-version: move unittests to tests/ 6 years ago
Mats Klepsland 767bde5e74 detect-tls-cert-validity: move unittests to tests/ 6 years ago
Mats Klepsland a260a57b68 detect-tls-sni: move unittests to tests/ 6 years ago
Mats Klepsland adb4da3975 detect-tls-ja3-string: move unittests to tests/ 6 years ago
Mats Klepsland 74a7b7e3cf detect-tls-ja3-hash: move unittests to tests/ 6 years ago
Mats Klepsland 5d3b94b3e4 detect-tls-cert-subject: move unittests to tests/ 6 years ago
Mats Klepsland 0d728ee4c6 detect-tls-cert-serial: move unittests to tests/ 6 years ago
Mats Klepsland e125e58c97 detect-tls-cert-issuer: move unittests to tests/ 6 years ago
Mats Klepsland 3646234ac5 detect-tls-cert-fingerprint: move unittests to tests/ 6 years ago
Mats Klepsland 12d37b8b2c detect-tls: tidy up unittests
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
6 years ago
Mats Klepsland 15012fc908 ja3: check if JA3 is disabled on one line 6 years ago
Mats Klepsland 285855d928 detect-tls: remove NULL settings from keyword registration 6 years ago
Mats Klepsland 008f08c1b3 detect-tls: declare ssl_state as const in GetData() 6 years ago
Mats Klepsland 0f7f35bd85 detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and
DetectSignatureSetAppProto().
6 years ago
Mats Klepsland 1c04d7cdae detect-tls: remove confusing underscores from variables
Remove confusing underscore prefix from variables in GetData() for
all tls keywords.
6 years ago
Mats Klepsland 7020cffaa8 userguide: 'sticky' instead of 'Sticky' for all tls keywords 6 years ago
Jeff Lucovsky de983fb7c9 app-layer-ftp: Potential memory leak fixed
Ensure that when handling failures during STOR command
processing, all memory is freed on the error path.
6 years ago
Mats Klepsland 03d986dd55 userguide: add documentation for tls.certs keyword 6 years ago
Mats Klepsland ba857e9739 detect: add tls.certs keyword
Add keyword to do "raw" matching on each of the certificates in the
TLS certificate sticky buffer.

Example:
  alert tls any any -> any any (msg:"tls.certs test"; tls.certs; \
          content:"|01 02 03 04|"; sid:1;)
6 years ago
Victor Julien edae50de94 detect/ssh: fix ssh.protoversion memory leak 6 years ago
Victor Julien 567a7c3cef detect/ssh: mark old ssh keywords as deprecated 6 years ago
Victor Julien d623dc4ac0 detect/parse: add flag to indicate keyword is deprecated
Issue warning when it is still used.
6 years ago
Victor Julien b84eba80aa detect/nfs.version: minor cleanups 6 years ago
Victor Julien 2ea11da230 detect/nfs: add nfs.version 6 years ago
Victor Julien 3299f007f8 detect/dcerpc: add dcerpc.iface
Keep dce_iface as an alias.
6 years ago
Victor Julien cdff1d50b7 detect/dcerpc.opnum: minor code cleanups 6 years ago