aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,280 Commits
8 Branches
154 Tags
167 MiB
dependabot/github_actions/github/codeql-action-3.26.13
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c57052181c'
${ noResults }
Commit Graph

198 Commits (c57052181c9e9fd9ec54f7b1ca4740f4be6cdece)

Author SHA1 Message Date
Todd Mortimer 6b4d32c6bb doc: Update documentation for by_rule and by_both thresholds. 5 years ago
Jeff Lucovsky 4ad6c5421a doc: fix documentation typos 5 years ago
Jeff Lucovsky bc01392e93 doc: Update byte_test documentation 5 years ago
Frank Honza 1c8943dedd add RFB parser 
This commit adds support for the Remote Framebuffer Protocol (RFB) as
used, for example, by various VNC implementations. It targets the
official versions 3.3, 3.7 and 3.8 of the protocol and provides logging
for the RFB handshake communication for now. Logged events include
endpoint versions, details of the security (i.e. authentication)
exchange as well as metadata about the image transfer parameters.
Detection is enabled using keywords for:

 - rfb.name: Session name as sticky buffer
 - rfb.sectype: Security type, e.g. VNC-style challenge-response
 - rfb.secresult: Result of the security exchange, e.g. OK, FAIL, ...

The latter could be used, for example, to detect brute-force attempts
on open VNC servers, while the name could be used to map unwanted VNC
sessions to the desktop owners or machines.

We also ship example EVE-JSON output and keyword docs as part of the
Sphinx source for Suricata's RTD documentation.
 5 years ago
Philippe Antoine 6251deae21 doc: adds doc for ipv4.hdr signature keyword 5 years ago
Philippe Antoine 1cd314c500 detect: adds icmpv6.mtu keyword 5 years ago
Philippe Antoine 8396333493 detect: adds icmpv6.hdr keyword 5 years ago
Philippe Antoine af1361a988 doc: add missing documentation for ipv6.hdr keyword 5 years ago
jason taylor 1666bc0ad1 doc: minor capitalization fix 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
jason taylor 4f7dc4f136 doc: add bsize documentation and rule example 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
Jason Williams 55a36c79ff doc: update http keywords documentation 5 years ago
jason taylor 95237f9894 docs: update datasets examples 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
EmilienCourt 50bb8d4cb2 doc: fix typo on example 
Quotes have been forgotten in the dnp3.data example, which throws an
SC_ERR_INVALID_SIGNATURE(39) if used like in the example.
 5 years ago
Eric Leblond 9ef2f81ee7 doc/userguide: fix typo 5 years ago
Eric Leblond 821d590f5b doc/userguide: fix base64 example 
Add a sticky buffer example and fix the content modifier one.
 5 years ago
Konstantin Klinger 808ea0dba9 app-layer: remove obsolete msn protocol detection 5 years ago
Victor Julien 6d2bd6607e datasets: make clear the feature is experimental 5 years ago
Victor Julien 4061bf5ceb doc/datasets: update example config to map 5 years ago
Victor Julien be6cdd37f8 stream: remove fix stream.depth references 5 years ago
Giuseppe Longo dd5d0afd79 doc: add SIP keywords 5 years ago
Jason Ish d3e2cc9926 doc: document dns.opcode keyword 5 years ago
Jason Ish daed788d49 doc: Replace dns_query with dns.query. 5 years ago
Travis Green 798d874662 doc: fix whitespace 5 years ago
Victor Julien 6aa2d550a1 doc/dotprefix: fix example rules 5 years ago
Jeff Lucovsky ab3d6328ba detect/transform: add dotprefix keyword to doc 5 years ago
Travis Green 3f146cdd7e doc: add endswith keyword docs 5 years ago
Travis Green 9f8dcad287 doc: update of ssh-kewords documentation 
Modifies ssh-keywords.rst to fix syntax error in example rule as well as
update descriptions to indicate older keywords have been deprecated.
 5 years ago
Victor Julien e36a963196 datasets/doc: minor fixes and clarifications 5 years ago
Victor Julien 0107b9a057 doc/dataset: initial documentation 5 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 5 years ago
Eric Leblond 08397e07f1 doc: fix typos in geoip doc 5 years ago
Eric Leblond 0d5608bab2 doc: fix display of icmp code and type array 5 years ago
Eric Leblond 0c84591afe doc: use a table to list direction filter in geoip 5 years ago
Eric Leblond c01cadbade doc: fix geoip syntax 
Spaces are not allowed before country code.
 5 years ago
Vinjar Hillestad 4c18fee3c6 Documenting base64_decode and base64_content 
base64 doc changes based on #4027 pull feedback
 5 years ago
Bill Meeks a291209e47 detect/geoip: migrate to GeoIP2 database format 
Issue #2765
 5 years ago
Victor Julien 034555644b doc: add tcp.hdr and udp.hdr 5 years ago
Victor Julien a01df4b86b doc: document tcp.mss keyword 5 years ago
Andreas Herz 30fd80b0ef doc: convert fancy quotes to straight quotes 5 years ago
Pierre Chifflier 9dfec7e734 SNMP: add the "snmp.pdu_type" detection keyword 5 years ago
Pierre Chifflier e1dd19a0eb SNMP: add the "snmp.community" detection keyword 5 years ago
Pierre Chifflier aa608e0ca2 SNMP: add the "snmp.version" detection keyword 5 years ago
Jeff Lucovsky ab1d95446a doc: http keyword update 
This changeset updates the keyword type for http.location and http.server
 5 years ago
Jeff Lucovsky 0960ca0d00 detect/analyzer Add missing HTTP values 
This changeset adds recognition of missing HTTP values
- Raw host
- Header names
- Server body
- User agent
 5 years ago
Mats Klepsland b59e82a642 userguide: add documentation for ja3s.string keyword 5 years ago
Mats Klepsland 76b94c7073 userguide: add documentation for ja3s.hash keyword 5 years ago
Mats Klepsland 7020cffaa8 userguide: 'sticky' instead of 'Sticky' for all tls keywords 5 years ago
Mats Klepsland 03d986dd55 userguide: add documentation for tls.certs keyword 6 years ago
Jeff Lucovsky 7d6875fb68 documentation: Correct rst for ssh-keywords 
This changeset corrects an error in the ssh-keywords
where 3 "`" characters were used instead of 2 "`" characters.
 6 years ago
Jeff Lucovsky 97fc7c1e1a documentation: sticky buffer updates 
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
 6 years ago
Giuseppe Longo 76357350fd doc: update http.protocol description 6 years ago
Eric Leblond 360a6ace43 doc: add info about buffer usage in lua 6 years ago
Jeff Lucovsky 9856c5533a doc: ssh.{proto,software} documentation update 6 years ago
Jeff Lucovsky 74cd6a9ee8 doc: add http.location and http.server 6 years ago
Bryant Smith 398133b6ce doc: add byte_* documentation to the userguide 
Added byte_test, byte_jump and byte_extract description and example rules
 6 years ago
Eric Leblond 83a8df90f3 doc: improvement of xbits documentation page 6 years ago
Eric Leblond 43ede4db7f doc: xbits:noalert is not a valid syntax 6 years ago
Victor Julien eb73008ccf detect/transform: add to_sha1 keyword 6 years ago
Victor Julien 75f9c1ae9f detect/transform: add to_md5 keyword 6 years ago
Pascal Delalande f2dca46382 doc: fix minor typo 6 years ago
Travis Green c2adb9e669 doc: added tos keyword 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2583
 6 years ago
jason taylor fc54d750dd doc: add bypass keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Mats Klepsland be8c06adfd userguide: add documentation for ssl_version keyword 6 years ago
Victor Julien 5afeebf884 doc/flow: updates and cleanups to flow section 6 years ago
Victor Julien 72dd4a5f92 doc/rules: initial transforms documentation 6 years ago
Mats Klepsland e92fda37c9 doc: add documentation for SSH keywords 6 years ago
Mats Klepsland 10fcc8d2ca doc: update tls.version documentation 6 years ago
Victor Julien c677e07d3e kerberos: minor doc updates, add author 6 years ago
Jason Ish fb85822730 dhcp: update user guide 6 years ago
Pierre Chifflier c51ff32adb Document Kerberos 5 parsing events 6 years ago
Pierre Chifflier 1076c7cd47 Add krb5_err_code detection keyword 6 years ago
Pierre Chifflier d6b9c0294a Add krb5_cname and krb5_sname detection keywords 6 years ago
Pierre Chifflier 0bd81ff838 Add krb5_msg_type detection keyword 6 years ago
Pierre Chifflier 1e5f5d405f Kerberos 5: add support for TCP as well 6 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Eric Leblond 0c4bf2d332 doc: add a lua support top level section 
Both output and signature are using lua. So lua functions should
be displayed in a single section.
 7 years ago
Pascal Delalande e3c5784dd5 doc: minor updates (tls custom, TODO removal, ftp/smb file rules) 7 years ago
Victor Julien ccde621ceb doc: add suricata-update to intro for rules 7 years ago
Pierre Chifflier 6eb48e1e93 Add ikev2 to userguide 7 years ago
Victor Julien 26e807ca34 doc: fix http_header_names example 7 years ago
Mats Klepsland a357f52fa5 doc: add documentation for ja3_string keyword 7 years ago
Mats Klepsland 38cc6f595f doc: add documentation for ja3_hash keyword 7 years ago
David DIALLO c2236ea2b3 modbus: Support Unit Identifier 
When destination IP address does not suffice to uniquely identify
the Modbus/TCP device.

Some Modbus/TCP devices act as gateways to other Modbus/TCP devices
that are behind this gateways.
 7 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 7 years ago
David DIALLO 6c643d8975 modbus: duplicate alerts unaware of direction 
Remove DetectAppLayerInspectEngineRegister for TOCLIENT direction
because Modbus inspection engine is only performing in request (TOSERVER).

Detect Value keyword in read access rule. In read access, match on value
is not possible.

Update Modbus keyword documentation.
 7 years ago
Giuseppe Longo d2121945c9 doc: update file_data description 7 years ago
Eric Leblond 72c8cd67d5 doc: documentation update on metadata 7 years ago
Pascal Delalande 0ff60f65ec doc: update filestore for file hash extraction 
Update for extraction based on md5, sha1 and sha256
 7 years ago
Victor Julien 07738af868 detect/content: introduce startswith modifier 
Add startswith modifier to simplify matching patterns at the start
of a buffer.

Instead of:
    content:"abc"; depth:3;
This enables:
    content:"abc"; startswith;

Especially with longer patterns this makes the intention of the rule
more clear and eases writing the rules.

Internally it's simply a shorthand for 'depth:<pattern len>;'.

Ticket https://redmine.openinfosecfoundation.org/issues/742
 7 years ago
Eric Leblond f5ba4c231d doc: update following ftp-data changes 7 years ago
Andreas Herz 6f0794c16f keyword-filesize: add units 7 years ago
Ralph Broenink f6938933d9 doc: Amend the list of accepted protocols 
Based on the list in suricata.yaml
 7 years ago
Ralph Broenink 98a1ec490f doc: Move IP reputation keyword to rules section 7 years ago
Ralph Broenink 722cff1862 doc: Restructure ToC 
* All sections up to 2 levels deep are now shown regardless of whether they are a separate page
* Rename Xbits and Thresholding for more consistent naming
* Minor adjustment in the Payload Keywords section
 7 years ago
Ralph Broenink 196ba1da70 doc: Make the header keywords section separate sections in ToC 7 years ago
Ralph Broenink a55a6cdb62 doc: Move flowint as integral part of flow keywords 7 years ago
Ralph Broenink f6c766112c doc: Minor changes in structuring of HTTP Keywords / Snort differences 7 years ago
Ralph Broenink e9b25988ba doc: Move pcre entirely to Payload Keywords section 
(plus remove lingering screenshot of a rule)
 7 years ago
Ralph Broenink bb1bf2643d doc: Move fast_pattern and prefilter to dedicated page 7 years ago
Ralph Broenink fea037fda8 doc: Moved explanation of normalized buffers to rules introduction 7 years ago