aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,160 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd0a85b7550'
${ noResults }
Commit Graph

46 Commits (d0a85b75508a208c671412fe4d71e6a9a994c556)

Author SHA1 Message Date
Jeff Lucovsky a66383569c userguide: formatting: remove tabs 6 years ago
Jeff Lucovsky c68510437f userguide: ftp formatting updates 6 years ago
Jeff Lucovsky 2149807bd6 eve/ftp: Transaction support for unmatched requests 
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
 6 years ago
Jeff Lucovsky 1930b1f504 eve/ftp: Log FTP transactions 
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
 6 years ago
Jeff Lucovsky 6cd39c5cfb userguide: Document app-layer anomaly items 
This changeset expands the anomaly section to include newly added
app-layer items.
 6 years ago
Eric Leblond dbf3606169 doc: document flow event_type 6 years ago
Mats Klepsland 800608ab65 userguide: add JA3S fields to the TLS logger documentation 6 years ago
Jeff Lucovsky 8a94b93b7b doc: Anomaly logging documentation 
This changeset adds discussion of anomaly log records and
the anomaly log record format.
 6 years ago
Pascal Delalande bde65467a9 doc: add ssh protocol in eve log section 6 years ago
Victor Julien c47164ebc8 doc: add table for custom values of eve/http 6 years ago
Maurizio Abba 6c0ec0b2f3 eve/http: add request/response http headers 
Add a keyword configuration dump-all-headers, with allowed values
{both, request, response}, dumping all HTTP headers in the eve-log http
object. Each header is a single object in the list request_headers
(response_headers) with the following notation:

{
    "name": <header name>,
    "value": <header value>
}

To avoid forged malicious headers, the header name size is capped at 256
bytes, the header value size at 2048.

By default, dump-all-headers is disabled.
 6 years ago
Victor Julien 473688746b doc/eve: add community id 6 years ago
Maurizio Abba bce7c2dd87 eve/http: add tx->request_port_number as http_port 
Add the port specified in the hostname (if any) to the http object in
eve. The port may be different from the dest_port used by the TCP flow.
 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Pascal Delalande e3c5784dd5 doc: minor updates (tls custom, TODO removal, ftp/smb file rules) 7 years ago
Victor Julien 83bf60d897 doc: add ntlmssp, kerberos and other setup fields 7 years ago
Victor Julien e09027915a doc: fix json formatting in smb doc 7 years ago
Victor Julien 67e81a9555 doc: initial smb eve documentation 7 years ago
Mats Klepsland 47a7ebbbc2 doc: add JA3 fields to the TLS logger documentation 7 years ago
Giuseppe Longo fb66d45754 doc: introduce dns compact logging 7 years ago
Victor Julien 50a182194a eve: log pcap filename 7 years ago
Pascal Delalande 2e5b293afb doc: update eve json output for DNS and HTTP 7 years ago
Jason Ish 74e036d09f doc: update eve/alert/metadata configuration 7 years ago
Martin Natano fe9cac5870 eve/alert: include rule text in alert output 
For SIEM analysis it is often useful to refer to the actual rules to
find out why a specific alert has been triggered when the signature
message does not convey enough information.

Turn on the new rule flag to include the rule text in eve alert output.
The feature is turned off by default.

With a rule like this:

    alert dns $HOME_NET any -> 8.8.8.8 any (msg:"Google DNS server contacted"; sid:42;)

The eve alert output might look something like this (pretty-printed for
readability):

    {
      "timestamp": "2017-08-14T12:35:05.830812+0200",
      "flow_id": 1919856770919772,
      "in_iface": "eth0",
      "event_type": "alert",
      "src_ip": "10.20.30.40",
      "src_port": 50968,
      "dest_ip": "8.8.8.8",
      "dest_port": 53,
      "proto": "UDP",
      "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 42,
        "rev": 0,
        "signature": "Google DNS server contacted",
        "category": "",
        "severity": 3,
        "rule": "alert dns $HOME_NET any -> 8.8.8.8 any (msg:\"Google DNS server contacted\"; sid:43;)"
      },
      "app_proto": "dns",
      "flow": {
        "pkts_toserver": 1,
        "pkts_toclient": 0,
        "bytes_toserver": 81,
        "bytes_toclient": 0,
        "start": "2017-08-14T12:35:05.830812+0200"
      }
    }

Feature #2020
 7 years ago
Eric Leblond 72c8cd67d5 doc: documentation update on metadata 7 years ago
Jason Ish ab939f4aaa doc: breakout eve-log section to a partial file 
Both the suricata.yaml and eve configuration sections
included the eve-log section from suricata.yaml. First,
sync these up with the actual suricata.yaml then break
it out into its own file, so only one file needs to
be kept in sync with the actual configuration file.
 7 years ago
Pascal Delalande 80f2fbac6e rust/tftp: eve logging with rust 7 years ago
Pascal Delalande 0c99338e07 doc: update docs for DNS flags logging 7 years ago
Julian f27b4fc8fe redis: support for rpush in list mode 
This adds a new redis mode rpush. Also more consistent config keywords orientated at the redis command: lpush and publish.
Keeping list and channel config keywords for backwards compatibility
 8 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 8 years ago
Eric Leblond b763c7ec11 doc: document http-body logging 8 years ago
Eric Leblond 9e581436a7 doc: info about new config for alert events in EVE 8 years ago
Eric Leblond ef88689f1e doc: add app_proto to alert event 8 years ago
Eric Leblond f4374ffd0b doc: some more info about alert format 8 years ago
Ray Ruvinskiy 7539973109 tls: logging for session resumption 
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the
server cert was never seen.

Ticket: https://redmine.openinfosecfoundation.org/issues/1969
 8 years ago
fooinha 36667ab8a1 doc: async mode for redis eve output 
async: true ## if redis replies are read asynchronously
 8 years ago
Mats Klepsland 8b9f84bff2 doc: add documentation for date modifiers in eve-log 8 years ago
Mats Klepsland 37a12fe799 doc: add documentation for eve-log file rotation 8 years ago
Mats Klepsland 3b23387664 doc: add documentation for eve-log file permissions 8 years ago
Mats Klepsland ee9f822b8e doc: add documentation for tls_cert_serial keyword 8 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 8 years ago
Mats Klepsland 6a382259f8 doc: documentation for custom JSON flags in eve-log 8 years ago
Victor Julien 4126fd82a0 doc: small eve update: add dns 9 years ago
Victor Julien aaf0fe4d29 doc: eve update 9 years ago
Andi 8e655cf107 eve-json-format: add newest version from the wiki 
This was added by pevma in the wiki, so should go into the sphinx doc as well.
 9 years ago
Jason Ish 2751baae46 doc: rename from "sphinx" to "userguide" 9 years ago