aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,542 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd853972c74'
${ noResults }
Commit Graph

393 Commits (d853972c744c789abbb61fa8e2fb567f4f6456ec)

Author SHA1 Message Date
Juliana Fajardini 6e4a501e7c flowint: add isnotset support 
Similar keywords use `isnotset`, while `flowint` only accepted `notset`
Opted to change the code, not only the regex, to keep the underlying
code also following the same patterns.

Task #7426
 3 months ago
Jason Ish 289ff25f5b requires: support requires check for keyword 
For example:

    requires: keyword foo;

Will require that Suricata supports the "foo" keyword.

Ticket: #7403
 3 months ago
Jason Ish 820a3e51b7 requires: treat unknown requires keywords as unmet requirements 
For example, "requires: foo bar" is an unknown requirement, however
its not tracked, nor an error as it follows the syntax. Instead,
record these unknown keywords, and fail the requirements check if any
are present.

A future version of Suricata may have new requires keywords, for
example a check for keywords.

Ticket: #7418
 3 months ago
Philippe Antoine 4ec90bd227 detect: absent keyword to test absence of sticky buffer 
Ticket: 2224

It takes an argument to match only if the buffer is absent,
or it can still match if the buffer is present, but we test
the absence of some content.

For multi buffers, absent matches if there are 0 buffers.

For file keywords, absent matches if there is no file.
 3 months ago
Juliana Fajardini 1860aa81e6 userguide: fix integer keyword matches list format 
List wasn't being properly rendered.
 4 months ago
Philippe Antoine e47598110a detect/datasets: implement unset command 
Ticket: 7195

Otherwise, Suricata aborted on such a rule
 5 months ago
Giuseppe Longo 036b68b0a9 doc: add new sip keywords 5 months ago
jason taylor f46a8776ec doc: add note about big endian for icmp_seq match 5 months ago
Philippe Antoine 0ebb84538e http2: add frames support 
Ticket: 5743

Why ? To add detection capabilities
 6 months ago
Juliana Fajardini 246acc7140 userguide: clarify flow:stateless explanation 
While not incorrect, the previous wording made the sentence almost
paradoxical. While at it, also highlight a side effect that might not be
so clear to users.

Related to
Bug #6976
 7 months ago
Philippe Antoine 62a186ceef detect/rfb: move keywords to rust 
Ticket: 7178

On the way, convert rfb.secresult to a generic integer with enumeration
cf ticket 6723
 7 months ago
Philippe Antoine 0b2ed97f36 ssh: frames support 
Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
 7 months ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 8 months ago
Philippe Antoine 0a1062fad2 detect/mqtt: move keywords to rust 
Ticket: 4863

On the way, convert some keywords to use the first-class integer
support.
And helpers for pure rust the support for multi-buffer.

Move the C unit tests about keyword mqtt.protocol_version
to unit tests for generic integer parsing, and test version 5
instead of testing twice version 3.

Also iterate all tx's messages for reason code as is done for other
keywords.

And allow detection on empty topics.
 8 months ago
Victor Julien afc318737a doc/userguide: document threshold backoff type 8 months ago
Victor Julien e362a01f8d doc/userguide: document new threshold config options 8 months ago
Victor Julien 405491c3fc detect/detection_filter: add support for track by_flow 8 months ago
Victor Julien 3f04af7c7f doc: add thresholding by_flow 8 months ago
Jeff Lucovsky 01e20c91fb doc/transform: Correct typo 8 months ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 8 months ago
Victor Julien 3d059611c3 detect: add tls.alpn keyword 
Ticket: #7108.
 8 months ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
 9 months ago
Victor Julien 8b42182fee doc/userguide: document iprep isset/isnotset 9 months ago
Victor Julien 2f74d435d3 doc/userguide: add more operators to iprep 9 months ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 9 months ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 9 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 9 months ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo 
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
 9 months ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 9 months ago
Jason Ish 3eb8c728fd doc: update lua sandbox docs for allowed packages/functions 9 months ago
Jo Johnson ba6a976e06 doc: Initial doc for lua sandbox 9 months ago
Jo Johnson 712496bb3f lua: Remove luajit support 
lua 5.4 support is not available in luajit

Ticket: #4776
 9 months ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname 
Feature 5234
 9 months ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 10 months ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword 
Ticket: 4921

app-layer-protocol keyword accept an optional mode to precise
which protocol we want to match: toclient, toserver, final,
or original
 10 months ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data 
Bug 5220
 10 months ago
jason taylor abb74245cc doc: update normalization notes 
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
Victor Julien fcca5c7514 detect/iprep: update doc about 0 value 
A value of 0 was already allowed by the rule parser, but didn't
actually work.

Bug: #6834.
 10 months ago
jason taylor aa919f8081 doc: update flowbits information 
Ticket: #6991

Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 11 months ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 11 months ago
Jeff Lucovsky 7a5a1e2560 doc: Describe noalert keyword 
Issue: 6685
 11 months ago
jason taylor 7de16809ef doc: update http keyword listing order 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 8b3db3c3b5 doc: update file.name keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 49dba7bb94 doc: update file.data keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor bee3aa9709 doc: update http.response_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor dcb548106e doc: update http.request_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 3f5d228b9e doc: update http.host http.host.raw keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 739dfe5e5e doc: update http.location keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago