82ac72782d  Victor Julien  (5 years ago)
    doc/userguide: update app-proto list

e6330c354d  Victor Julien  (5 years ago)
    doc/userguide: list valid rule actions

5e4aa5b851  Jeff Lucovsky  (5 years ago)
    doc: Improve tos description

    This commit improves the description of the `tos` keyword by emphasizing
    that the value used should adhere to the guidelines in RFC2474. Instead
    of specifying the DSCP value directly, right shift the DSCP value and
    use that.

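Worked illustration of the point in the commit above. This is example code added for this page, not Suricata's own implementation of `tos`. RFC 2474 places the six-bit DSCP in the high-order bits of the byte the keyword matches, with the two low-order bits reserved for ECN (RFC 3168), so the number that belongs in a rule is the code point moved up two bits (`dscp << 2`); writing the code point itself, which the commit warns against, never matches the marked packet. The helper converts both ways, reads the byte from a constructed IPv4 header, and evaluates a `tos:` option value, including the `!` negation the keyword accepts. The header builder and the sample addresses are constructed for the example.

```python
import socket
import struct

# A few well-known code points (RFC 2474 class selectors, RFC 2597 AF, RFC 3246 EF).
DSCP_NAMES = {0: "CS0", 8: "CS1", 10: "AF11", 46: "EF"}


def dscp_to_tos(dscp):
    """Value to write in a `tos:` option for a DSCP code point.

    RFC 2474 puts the 6-bit DSCP in bits 7..2 of the former TOS byte; bits 1..0
    are the ECN field (RFC 3168) and are left clear here.
    """
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit code point (0..63)")
    return dscp << 2


def tos_to_dscp(tos):
    """Recover the DSCP code point from a captured TOS/DS byte."""
    if not 0 <= tos <= 255:
        raise ValueError("TOS is a single byte")
    return tos >> 2


def ipv4_tos(packet):
    """The second byte of an IPv4 header is the TOS/DS byte; reject anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1]


def tos_matches(option, packet):
    """Evaluate a `tos:<n>;` or `tos:!<n>;` option value against a packet."""
    negate = option.startswith("!")
    value = int(option.lstrip("!"))
    if not 0 <= value <= 255:
        raise ValueError("tos value must be 0..255")
    return (ipv4_tos(packet) == value) != negate


def build_ipv4_header(tos, src="192.0.2.1", dst="192.0.2.2", proto=17):
    """Constructed 20-byte IPv4 header (no options, checksum left zero) for the example."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


if __name__ == "__main__":
    pkt = build_ipv4_header(dscp_to_tos(46))  # EF-marked packet
    byte = ipv4_tos(pkt)
    print("tos byte 0x%02x, DSCP %d (%s)" % (byte, tos_to_dscp(byte), DSCP_NAMES[46]))
    print("tos:184 matches:", tos_matches("184", pkt))
    print("tos:46 matches:", tos_matches("46", pkt))
```

Run as a script it walks the EF case: code point 46 becomes `tos:184;` (0xb8), and `tos:46;` applied to the same packet does not match, which is exactly the mistake the reworded documentation is meant to prevent.
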
3005dca3fd  Jeff Lucovsky  (5 years ago)
    doc: pcrexform documentation

a77662bdbf  Jason Ish  (5 years ago)
    userguide: remove old drop-log documentation

    Redmine issue:
    https://redmine.openinfosecfoundation.org/issues/2381

8997a114cb  Jason Ish  (5 years ago)
    userguide: RDP now enabled by default

    Redmine issue:
    https://redmine.openinfosecfoundation.org/issues/3255

3eb0461abd  Jason Ish  (5 years ago)
    userguide: SIP now enabled by default

    Redmine issue:
    https://redmine.openinfosecfoundation.org/issues/3256

d0526e71c0  Victor Julien  (5 years ago)
    doc/userguide: add IPS with BPF info, minor cleanups

6b8320d1c0  Jason Ish  (6 years ago)
    doc: document file-store v1 to v2 configuration changes

6850dbc852  Jason Ish  (6 years ago)
    suricata.yaml: remove filestore v1 configuration

0dd1b2a616  Jason Ish  (6 years ago)
    doc: typo: http.server_body should be http.response_body

    Thanks to Jason Williams for pointing this out.

a611ae2102  Victor Julien  (6 years ago)
    doc/perf: minor improvements

1d9db2b5f9  Andreas Herz  (6 years ago)
    doc: add performance analysis section

5598ff5bb3  Sascha Steinbiss  (6 years ago)
    doc/install: refer to buster as Debian stable

6b4d32c6bb  Todd Mortimer  (6 years ago)
    doc: Update documentation for by_rule and by_both thresholds.

e97cdb48f3  Victor Julien  (6 years ago)
    decode/teredo: implement port support

    Implement support for limiting Teredo detection and decoding to specific
    UDP ports, with 3544 as the default.
    If no ports are specified, the old behaviour of detecting/decoding on any
    port is still in place. This can also be forced by specifying 'any' as the
    port setting.

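Added example of the port policy the commit above describes. This is illustration code written for this page, not the code in Suricata's decoder. An unset or `any` setting examines every UDP packet; anything else examines only packets whose source or destination port is listed; a packet that passes the gate is then decoded by stripping the optional Authentication and Origin Indication headers of RFC 4380 to reach the IPv6 packet inside. The comma-separated or bracketed list syntax accepted by `parse_teredo_ports` is an assumption of this example (the real option is set in suricata.yaml), and the IPv6 header and Teredo headers used as input are constructed here.

```python
import ipaddress
import struct

TEREDO_DEFAULT_PORT = 3544  # RFC 4380 service port; the default the commit mentions

# RFC 4380 section 5.1: headers that may precede the encapsulated IPv6 packet.
AUTH_INDICATOR = b"\x00\x01"
ORIGIN_INDICATOR = b"\x00\x00"


def parse_teredo_ports(setting):
    """Turn a ports setting into None (check every UDP port) or a set of ports.

    None, an empty string and 'any' all mean every port, matching the commit.
    The '[3544, 1234]' / '3544' list syntax is an assumption of this example.
    """
    if setting is None:
        return None
    text = setting.strip().strip("[]").strip()
    if not text or text.lower() == "any":
        return None
    ports = {int(p) for p in text.split(",") if p.strip()}
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")
    return ports


def teredo_port_selected(ports, sport, dport):
    """A packet is examined if either UDP port is configured or no restriction applies."""
    return ports is None or sport in ports or dport in ports


def strip_teredo_headers(payload):
    """Return the encapsulated IPv6 packet, or None if the payload is not Teredo.

    Order per RFC 4380: optional Authentication header, then optional Origin
    Indication, then the IPv6 packet.
    """
    data = payload
    if data[:2] == AUTH_INDICATOR:
        if len(data) < 4:
            return None
        id_len, au_len = data[2], data[3]
        # indicator(2) + lengths(2) + client id + auth value + nonce(8) + confirmation(1)
        hdr_len = 4 + id_len + au_len + 8 + 1
        if len(data) < hdr_len:
            return None
        data = data[hdr_len:]
    if data[:2] == ORIGIN_INDICATOR:
        if len(data) < 8:
            return None
        data = data[8:]  # indicator(2) + obfuscated port(2) + obfuscated address(4)
    if len(data) < 40 or data[0] >> 4 != 6:
        return None  # need at least a full IPv6 header with version 6
    return data


def decode_udp_for_teredo(setting, sport, dport, payload):
    """Port gate first, then decode. None means 'leave this UDP packet alone'."""
    if not teredo_port_selected(parse_teredo_ports(setting), sport, dport):
        return None
    return strip_teredo_headers(payload)


def build_sample_ipv6():
    """Constructed 40-byte IPv6 header: no payload, next header 59 (none), hop limit 64."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 0x60000000, 0, 59, 64) + src + dst


if __name__ == "__main__":
    inner = build_sample_ipv6()
    origin = ORIGIN_INDICATOR + b"\x12\x34" + b"\x0a\x00\x00\x01"
    for setting in ("3544", "any", ""):
        hit = decode_udp_for_teredo(setting, 40000, 5000, origin + inner)
        print("ports=%r, dport 5000 decoded: %s" % (setting, hit is not None))
```

The trade-off the commit leaves to the operator is visible in the last loop: with `3544` configured, Teredo carried on an unusual port is simply never looked at, which is why `any` stays available for sites that would rather pay the false-positive cost than miss tunnelled IPv6.
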
4ad6c5421a  Jeff Lucovsky  (6 years ago)
    doc: fix documentation typos

bc01392e93  Jeff Lucovsky  (6 years ago)
    doc: Update byte_test documentation

1c8943dedd  Frank Honza  (6 years ago)
    add RFB parser

    This commit adds support for the Remote Framebuffer Protocol (RFB) as
    used, for example, by various VNC implementations. It targets the
    official versions 3.3, 3.7 and 3.8 of the protocol and provides logging
    for the RFB handshake communication for now. Logged events include
    endpoint versions, details of the security (i.e. authentication)
    exchange as well as metadata about the image transfer parameters.
    Detection is enabled using keywords for:
     - rfb.name: Session name as sticky buffer
     - rfb.sectype: Security type, e.g. VNC-style challenge-response
     - rfb.secresult: Result of the security exchange, e.g. OK, FAIL, ...
    The latter could be used, for example, to detect brute-force attempts
    on open VNC servers, while the name could be used to map unwanted VNC
    sessions to the desktop owners or machines.
    We also ship example EVE-JSON output and keyword docs as part of the
    Sphinx source for Suricata's RTD documentation.

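Added example, written for this page and not the parser the commit above adds: it walks an RFB 3.7/3.8 handshake over a constructed client/server session, pulling out the three things the commit exposes as keywords (session name, security type, SecurityResult) plus both ProtocolVersion strings, then counts failed security exchanges per client address, which is the brute-force signal the commit message points at. Message layouts follow the RFB specification; the 3.3 negotiation, where the server picks the type with a 32-bit field, is deliberately not handled, and the VNC challenge/response bytes are consumed but not verified. The session builder and its addresses are constructed input.

```python
import struct
from collections import Counter

SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}
SECURITY_RESULTS = {0: "OK", 1: "FAIL"}


class RfbParseError(ValueError):
    pass


class Cursor:
    """Sequential reader over one direction of the TCP stream."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise RfbParseError("truncated stream")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack("!I", self.take(4))[0]


def parse_rfb_handshake(server_bytes, client_bytes):
    """Walk an RFB 3.7/3.8 handshake, reading each side where the spec says it speaks.

    Returns versions, sectype, secresult and the ServerInit name (None if the
    handshake ended before ServerInit).
    """
    srv, cli = Cursor(server_bytes), Cursor(client_bytes)
    info = {"name": None, "reason": None}
    versions = []
    for side in (srv, cli):
        v = side.take(12)  # "RFB xxx.yyy\n"
        if not (v.startswith(b"RFB ") and v.endswith(b"\n")):
            raise RfbParseError("bad ProtocolVersion")
        versions.append(v[4:11].decode("ascii"))
    info["server_version"], info["client_version"] = versions
    major, minor = (int(x) for x in info["client_version"].split("."))
    if (major, minor) < (3, 7):
        raise RfbParseError("3.3-style negotiation not handled in this example")
    count = srv.take(1)[0]
    if count == 0:  # server refused; a reason string follows
        info.update(sectype=None, secresult="FAIL",
                    reason=srv.take(srv.u32()).decode(errors="replace"))
        return info
    offered = list(srv.take(count))
    chosen = cli.take(1)[0]
    if chosen not in offered:
        raise RfbParseError("client chose a type the server did not offer")
    info["sectype"] = SECURITY_TYPES.get(chosen, "type %d" % chosen)
    if chosen == 2:
        srv.take(16)  # 16-byte challenge
        cli.take(16)  # DES-encrypted response, not verified here
    elif chosen != 1:
        raise RfbParseError("security type %d not handled" % chosen)
    if chosen == 1 and minor < 8:
        code = 0  # 3.7 sends no SecurityResult for type None
    else:
        code = srv.u32()
    info["secresult"] = SECURITY_RESULTS.get(code, "code %d" % code)
    if code != 0:
        if minor >= 8:  # 3.8 added a reason string after a failed result
            info["reason"] = srv.take(srv.u32()).decode(errors="replace")
        return info
    cli.take(1)  # ClientInit: shared-flag
    info["framebuffer"] = struct.unpack("!HH", srv.take(4))
    srv.take(16)  # PIXEL_FORMAT
    info["name"] = srv.take(srv.u32()).decode("latin-1")
    return info


def failed_auth_counts(sessions):
    """Per-client count of failed security exchanges over (ip, server, client) tuples."""
    counts = Counter()
    for client_ip, server_bytes, client_bytes in sessions:
        try:
            if parse_rfb_handshake(server_bytes, client_bytes)["secresult"] == "FAIL":
                counts[client_ip] += 1
        except RfbParseError:
            continue  # not a parseable RFB handshake; nothing to count
    return counts


def build_sample_session(name, succeed):
    """Constructed RFB 3.8 session using VNC Authentication (type 2)."""
    ver = b"RFB 003.008\n"
    server = ver + bytes([1, 2]) + b"\x11" * 16
    client = ver + bytes([2]) + b"\x22" * 16
    if succeed:
        encoded = name.encode("latin-1")
        server += (struct.pack("!IHH", 0, 1024, 768) + b"\x00" * 16
                   + struct.pack("!I", len(encoded)) + encoded)
        client += b"\x01"
    else:
        reason = b"Authentication failure"
        server += struct.pack("!II", 1, len(reason)) + reason
    return server, client
```

The counter is the detection idea behind `rfb.secresult`: one FAIL is a typo, many FAILs from one address against a server that offers VNC Authentication to anyone is a password-guessing run, and the session name from a successful handshake is what ties the session back to a desktop.
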
6251deae21  Philippe Antoine  (6 years ago)
    doc: adds doc for ipv4.hdr signature keyword

1cd314c500  Philippe Antoine  (6 years ago)
    detect: adds icmpv6.mtu keyword

e14447d594  Jeff Lucovsky  (6 years ago)
    docs/napatech: Correct typo

c5cee05169  Shivani Bhardwaj  (6 years ago)
    doc: Fix typo Generate -> Generator

8396333493  Philippe Antoine  (6 years ago)
    detect: adds icmpv6.hdr keyword

af1361a988  Philippe Antoine  (6 years ago)
    doc: add missing documentation for ipv6.hdr keyword

d3f6a95b56  Jason Ish  (6 years ago)
    doc: removed unified2 output

8c132c0b87  Jeff Lucovsky  (6 years ago)
    doc: Correct RST quote usage

    Corrects misplaced backticks preventing proper formatting of `mpm-algo`
    section.

3385859176  Jeff Lucovsky  (6 years ago)
    doc/userguide: Update for dump-features

3fbcacf9a8  Phil Young  (6 years ago)
    napatech: documentation hardware based bypass support

    Napatech hardware bypass support enables Suricata to utilize
    capabilities of Napatech SmartNICs to selectively bypass flow-based
    traffic.

700eebaecc  Shivani Bhardwaj  (6 years ago)
    doc/conf: Update copyright and regex for version

    Make the new regex in compliance with the modern autoconf syntax.
    Closes redmine ticket #3423

1666bc0ad1  jason taylor  (6 years ago)
    doc: minor capitalization fix

    Signed-off-by: jason taylor <jtfas90@gmail.com>

4f7dc4f136  jason taylor  (6 years ago)
    doc: add bsize documentation and rule example

    Signed-off-by: jason taylor <jtfas90@gmail.com>

fccdb1c642  Daisu  (6 years ago)
    doc/commandline: -i option is usable several times

4ac5ab00b7  Steven Hostetler  (6 years ago)
    doc/install: fix geoip typo

411dd69e92  Victor Julien  (6 years ago)
    doc/eve: layout and formatting fixes

55a36c79ff  Jason Williams  (6 years ago)
    doc: update http keywords documentation

95237f9894  jason taylor  (6 years ago)
    docs: update datasets examples

    Signed-off-by: jason taylor <jtfas90@gmail.com>

50bb8d4cb2  EmilienCourt  (6 years ago)
    doc: fix typo on example

    Quotes have been forgotten in the dnp3.data example, which throws an
    SC_ERR_INVALID_SIGNATURE(39) if used like in the example.

9ef2f81ee7  Eric Leblond  (6 years ago)
    doc/userguide: fix typo

821d590f5b  Eric Leblond  (6 years ago)
    doc/userguide: fix base64 example

    Add a sticky buffer example and fix the content modifier one.

8e6a2bd42e  Pascal Delalande  (6 years ago)
    doc: removal of disable-rust and path typo for suricatasc

d5ae68afc2  Victor Julien  (6 years ago)
    doc: fix version in install doc

1c27a99827  Victor Julien  (6 years ago)
    doc: add upgrade page

718fcbb682  Jason Ish  (6 years ago)
    doc: document eve/dns v2 as the default

    Adds eve/dns v2 format documentation. Update legacy format
    to require the version field.

6921608673  Philippe Antoine  (6 years ago)
    http: updates suricata.yaml comments

    As well as the userguide documentation about suricata.yaml

9111b9df57  Jason Ish  (6 years ago)
    doc: cleanup engine logging

    Attempt to clean up the engine logging a bit.
    Also include a verbatim excerpt of the default configuration
    here for reference purposes.

c97195bf0b  Jason Ish  (6 years ago)
    doc: -v verbose option documentation update

    Update -v documentation to reflect the new behaviour discussed
    in bug #1851 where -v changes the log level to fixed levels
    instead of an offset of the default log level configured
    in suricata.yaml.

808ea0dba9  Konstantin Klinger  (6 years ago)
    app-layer: remove obsolete msn protocol detection

6d2bd6607e  Victor Julien  (6 years ago)
    datasets: make clear the feature is experimental

17c3e22ecd  Jeff Lucovsky  (6 years ago)
    doc/eve.alert: Expand metadata description

4061bf5ceb  Victor Julien  (6 years ago)
    doc/datasets: update example config to map

029683cbac  Victor Julien  (6 years ago)
    doc: reformat linux ips guide

6d9416148b  Eric Leblond  (6 years ago)
    doc: add nftables IPS configuration

82eb669205  Eric Leblond  (6 years ago)
    doc: information about scaling AF_PACKET IPS mode

ffe81dc9f2  Eric Leblond  (6 years ago)
    doc: add info about AF_PACKET IPS

    Based on https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
    Also fix some typos in Netfilter setup.

0cd5452194  Jason Ish  (6 years ago)
    doc: mark independent json loggers as deprecated

    These are the loggers such as alert-json-log, dns-json-log, etc.
    They are not even referenced in the default configuration file,
    and are easily replaced with multiple eve instances.

212252faf2  Jason Ish  (6 years ago)
    doc/drop.log: mark as deprecated and scheduled to be removed

    Also make sure options are in sync with those in
    suricata.yaml.

5345379d14  Jason Ish  (6 years ago)
    doc/unified2: add deprecation/removal notice

873bc290bc  Jason Ish  (6 years ago)
    doc/filestore(v1) - make deprecation text a note

    Highlights that it is deprecated in the HTML output.

7f32822843  Jason Ish  (6 years ago)
    doc/filestore(v1) - document force-filestore field

44a59b78c7  Jeff Lucovsky  (6 years ago)
    doc/anomaly Remove event_no

be6cdd37f8  Victor Julien  (6 years ago)
    stream: remove fix stream.depth references

10819ed892  Peter Manev  (6 years ago)
    doc: Update tuning considerations doc

6df1001957  Peter Manev  (6 years ago)
    doc: Update high performance config doc

bd2f1e15fd  Victor Julien  (6 years ago)
    doc/stats: minor clarifications on 5.0 defaults

								Victor Julien
							
						 
						
							 
							
							
							
								
							
								42438ec08e 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: add quickstart to dist  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Giuseppe Longo
							
						 
						
							 
							
							
							
								
							
								dd5d0afd79 
								
							
								 
							
						 
						
							
							
								
								doc: add SIP keywords  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								d3e2cc9926 
								
							
								 
							
						 
						
							
							
								
								doc: document dns.opcode keyword  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								daed788d49 
								
							
								 
							
						 
						
							
							
								
								doc: Replace dns_query with dns.query.  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Giuseppe Longo
							
						 
						
							 
							
							
							
								
							
								972be0a560 
								
							
								 
							
						 
						
							
							
								
								doc: update file-extraction section  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Travis Green
							
						 
						
							 
							
							
							
								
							
								798d874662 
								
							
								 
							
						 
						
							
							
								
								doc: fix whitespace  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								6aa2d550a1 
								
							
								 
							
						 
						
							
							
								
								doc/dotprefix: fix example rules  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								ab3d6328ba 
								
							
								 
							
						 
						
							
							
								
								detect/transform: add dotprefix keyword to doc  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								df325d63ea 
								
							
								 
							
						 
						
							
							
								
								doc/eve.anomaly: fix indent and general formatting  
							
							 
							
							
							
						 
						
							6 years ago  
						
					 
				
					
						
							
							
								 
Jeff Lucovsky  075592b66f  doc: Simplified anomaly configuration settings  (6 years ago)

Jeff Lucovsky  aaacbf28c2  logging/anomaly: Support configuration filter types  (6 years ago)

Eric Leblond  35bc73e4e2  doc: change eBPF directory path  (6 years ago)

Zach Kelly  caef8b5b38  protocol parser: rdp  (6 years ago)
    Initial implementation of feature 2314:
    1. Add protocol parser for RDP
    2. Add transactions for RDP negotiation
    3. Add eve logging of transactions

Andreas Herz  d657fd9bf0  doc: add quickstart guide  (6 years ago)

Victor Julien  d5009c5d8c  doc/stream: briefly explain bypass  (6 years ago)

Jason Ish  0bb07b550c  userguide: remove section on using Oinkmaster  (6 years ago)
    Users should be using Suricata-Update now.

Travis Green  3f146cdd7e  doc: add endswith keyword docs  (6 years ago)

Travis Green  9f8dcad287  doc: update of ssh-keywords documentation  (6 years ago)
    Modifies ssh-keywords.rst to fix syntax error in example rule as well as
    update descriptions to indicate older keywords have been deprecated.

Jason Ish  9488002a0d  doc: use describe instead of option for old Sphinx  (6 years ago)
    Older versions of Sphinx will generate duplicate IDs when you have
    options like:
        .. option:: some-option
        .. option:: some-other-option
    The version of Sphinx provided on CentOS 7 has this issue, newer
    versions of Sphinx do not. As CentOS 7 is still a popular
    distribution, change ".. option" to ".. describe" which has the
    same visual output, but does not generate links.

Victor Julien  e36a963196  datasets/doc: minor fixes and clarifications  (6 years ago)

Victor Julien  0107b9a057  doc/dataset: initial documentation  (6 years ago)

Victor Julien  1bc738fbe4  doc: typo fixes  (6 years ago)
    By @espritlibre and @Zeal0us

Nick Price  d0a85b7550  ja3: Mention LibNSS dependency for JA3  (6 years ago)

Eric Leblond  cc28d24e9a  doc: install eBPF files in share directory  (6 years ago)
    Following proposal by Sascha Steinbiss, let's use /usr/share/suricata
    to store the eBPF files.

Eric Leblond  3cf49ae868  doc: fix English and some typos  (6 years ago)

Eric Leblond  4be6701836  doc: pointer to bpfctrl  (6 years ago)
    As bpfctrl is currently the easiest way to manage pinned maps,
    let's point to it. We will switch doc to suricatacl once support
    has been added.

Eric Leblond  8f1a7de791  doc: improve doc on compiling with eBPF support  (6 years ago)

Eric Leblond  f1ab27b7cb  doc: improve XDP cpu redirect documentation  (6 years ago)

Eric Leblond  6d9ac64f7b  doc: only balance by ip pair  (6 years ago)
    As there is some issue with defrag, let's recommend only doing
    IP pair load-balancing for RSS.

Eric Leblond  a1d3835b86  doc: document filter.bpf changes  (6 years ago)
    Also adds some info to explain maps.

Eric Leblond  08397e07f1  doc: fix typos in geoip doc  (6 years ago)

Eric Leblond  0d5608bab2  doc: fix display of icmp code and type array  (6 years ago)

Eric Leblond  0c84591afe  doc: use a table to list direction filter in geoip  (6 years ago)

Eric Leblond  c01cadbade  doc: fix geoip syntax  (6 years ago)
    Spaces are not allowed before country code.

Vinjar Hillestad  4c18fee3c6  Documenting base64_decode and base64_content  (6 years ago)
    base64 doc changes based on #4027 pull feedback