aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,087 Commits
7 Branches
155 Tags
200 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fb019213e7'
${ noResults }
Commit Graph

408 Commits (fb019213e72a5bc2dfaac2c56af969e86b5a0336)

Author SHA1 Message Date
Victor Julien 96c6cf98d5 doc/userguide: add 3rd-party-integration to dist 6 years ago
Victor Julien f1c83c3308 doc/userguide: new 3rd party section, add bluecoat 
Add Symantec SSLV (bluecoat) doc to new 3rd party section for
documenting integrating Suricata with 3rd party tools.
 6 years ago
Bryant Smith 398133b6ce doc: add byte_* documentation to the userguide 
Added byte_test, byte_jump and byte_extract description and example rules
 6 years ago
Victor Julien d6903e70c1 file-log: remove and add warning 
Feature was deprecated and scheduled for removal.

Ticket #2376
 6 years ago
Eric Leblond 83a8df90f3 doc: improvement of xbits documentation page 6 years ago
Eric Leblond 43ede4db7f doc: xbits:noalert is not a valid syntax 6 years ago
Shivani Bhardwaj 2483331a5d doc/unix-socket: Add missing commands and detail 
Add missing commands and their corresponding details in unix-socket
userguide.

Closes redmine ticket #2800
 6 years ago
Victor Julien c47164ebc8 doc: add table for custom values of eve/http 6 years ago
Victor Julien 6fcd2db043 tile: remove files 6 years ago
Victor Julien 517b45ea2d netmap: switch to nm_* API 
Process multiple packets at nm_dispatch. Use zero copy for workers
recv mode.

Add configure check netmap check for API 11+ and find netmap api version.

Add netmap guide to the userguide.
 6 years ago
Maurizio Abba 6c0ec0b2f3 eve/http: add request/response http headers 
Add a keyword configuration dump-all-headers, with allowed values
{both, request, response}, dumping all HTTP headers in the eve-log http
object. Each header is a single object in the list request_headers
(response_headers) with the following notation:

{
    "name": <header name>,
    "value": <header value>
}

To avoid forged malicious headers, the header name size is capped at 256
bytes, the header value size at 2048.

By default, dump-all-headers is disabled.
 6 years ago
Maurizio Abba 4697351188 smtp: create raw-extraction feature 
Add a raw-extraction option for smtp. When enabled, this feature will
store the raw e-mail inside a file, including headers, e-mail content,
attachments (base64 encoded). This content is stored in a normal File *,
allowing for normal file detection.
It'd also allow for all-emails extraction if a rule has
detect-filename:"rawmsg" matcher (and filestore).
Note that this feature is in contrast with decode-mime.

This feature is disabled by default, and will be disabled automatically
if decode-mime is enabled.
 6 years ago
Victor Julien eb73008ccf detect/transform: add to_sha1 keyword 6 years ago
Victor Julien 75f9c1ae9f detect/transform: add to_md5 keyword 6 years ago
Victor Julien b3c021f8d0 userguide: improve stats logging documentation 6 years ago
Pascal Delalande f2dca46382 doc: fix minor typo 6 years ago
Eric Leblond 7a121d9b4c doc: add _static dir to make dist 6 years ago
Travis Green c2adb9e669 doc: added tos keyword 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2583
 6 years ago
Victor Julien 9dd925a46a userguide/install: add rust, python-yaml to ubuntu 6 years ago
jason taylor fc395eb2c5 userguide: updated hyperscan version reference 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor 131112de13 doc: Remove gulp references 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor fc54d750dd doc: add bypass keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Mats Klepsland be8c06adfd userguide: add documentation for ssl_version keyword 6 years ago
Victor Julien 85f2486e0b multi-tenant: document per tenant settings 6 years ago
Victor Julien 5afeebf884 doc/flow: updates and cleanups to flow section 6 years ago
Victor Julien 72dd4a5f92 doc/rules: initial transforms documentation 6 years ago
Victor Julien 226fe5cab3 doc/performance: redo runmodes explanation 6 years ago
Victor Julien 17e2d39531 doc/install: update Rust info in generic install overview 6 years ago
Victor Julien 473688746b doc/eve: add community id 6 years ago
Mats Klepsland e92fda37c9 doc: add documentation for SSH keywords 6 years ago
Pascal Delalande 64922a476e doc: remove deprecated force-md5 flag from userguide 6 years ago
jason taylor 7f4e5e6eac userguide: update hyperscan documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 7 years ago
Mats Klepsland 4d38d0844b doc: add documentation for Lua function 'TlsGetVersion' 7 years ago
Mats Klepsland 10fcc8d2ca doc: update tls.version documentation 7 years ago
Maurizio Abba bce7c2dd87 eve/http: add tx->request_port_number as http_port 
Add the port specified in the hostname (if any) to the http object in
eve. The port may be different from the dest_port used by the TCP flow.
 7 years ago
Eric Leblond 173e5a1c58 doc: iprep supports CIDR networks 7 years ago
Victor Julien 7c884e0850 doc: update multi-tentant for device feature 7 years ago
Danny Browning 2dc6b6ee14 source-pcap-file: delete when done (2417) 
https://redmine.openinfosecfoundation.org/issues/2417

Add option to have pcap files deleted after they have been processed.
This option combines well with pcap file continuous and streaming
files to a directory being processed.
 7 years ago
Jason Ish ede94e1f66 doc: alphabetize EXTRA_DIST 7 years ago
Jason Ish ff73d908aa doc: add window ips inline doc to extra_dist 7 years ago
Jason Ish d2142cf433 doc: make warnings errors when building man page 7 years ago
Jason Ish 01f477786e doc: link in windows ips setup page 7 years ago
Jacob Masen-Smith ec77632e84 Adds WinDivert support to Windows builds 
Enables IPS functionality on Windows using the open-source
(LGPLv3/GPLv2) WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
    string]` command-line options to enable WinDivert IPS mode.
    `--windivert[-forward] true` will open a filter for all traffic. See
    https://www.reqrypt.org/windivert-doc.html#filter_language for more
    information.

Limitation: currently limited to `autofp` runmode.

Additionally:
- `tmm_modules` now zeroed during `RegisterAllModules`
- fixed Windows Vista+ `inet_ntop` call in `PrintInet`
- fixed `GetRandom` bug (nonexistent keys) on fresh Windows installs
- fixed `RandomGetClock` building on Windows builds
- Added WMI queries for MTU
 7 years ago
Chris Speidel 1e8959b465 doc: fix minor typo 7 years ago
Victor Julien 693a3df031 tls: document encrypt-handling option 
Document in sample yaml and user guide.
 7 years ago
Victor Julien c677e07d3e kerberos: minor doc updates, add author 7 years ago
Jason Ish fb85822730 dhcp: update user guide 7 years ago
Pierre Chifflier c51ff32adb Document Kerberos 5 parsing events 7 years ago
Pierre Chifflier 1076c7cd47 Add krb5_err_code detection keyword 7 years ago
Pierre Chifflier d6b9c0294a Add krb5_cname and krb5_sname detection keywords 7 years ago
Pierre Chifflier 0bd81ff838 Add krb5_msg_type detection keyword 7 years ago
Pierre Chifflier 1e5f5d405f Kerberos 5: add support for TCP as well 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Max Fillinger ce270a8f6a Add info about pcap log compression to user guide 7 years ago
Eric Leblond e249ce29bb doc: add lua directory to Makefile 7 years ago
Victor Julien 4a90dced8e doc/lua: small update to the usage intro 7 years ago
Eric Leblond 2546e86a16 doc: document lua function about flow var 7 years ago
Eric Leblond 0c4bf2d332 doc: add a lua support top level section 
Both output and signature are using lua. So lua functions should
be displayed in a single section.
 7 years ago
Eric Leblond 293b00798e doc: document lua TLS functions 7 years ago
Pascal Delalande e3c5784dd5 doc: minor updates (tls custom, TODO removal, ftp/smb file rules) 7 years ago
Victor Julien 83bf60d897 doc: add ntlmssp, kerberos and other setup fields 7 years ago
Richard Sailer dc07c1fe13 lua output doc: Use more descriptive variable names in the examples 
This also removes the "args" parameter of the hooking functions in the examples,
since this parameter is unused in all functions.
It would not be very helpful anyways since 3 of the 4 functions don't get passed
any parameters. The only exception is init() which gets a table containing:
  script_api_ver = 1
 7 years ago
Richard Sailer 3307f7a94e lua output doc: Add explaining introduction text 7 years ago
Victor Julien e09027915a doc: fix json formatting in smb doc 7 years ago
Victor Julien 67e81a9555 doc: initial smb eve documentation 7 years ago
Victor Julien 78437375c4 doc: add by_either to suppress explanation 7 years ago
Victor Julien 2c259f2239 doc: add smb section to yaml 7 years ago
Victor Julien 13bdcd5249 doc: minor fix 7 years ago
Victor Julien 1edd9d19fc doc: add SMB to file extraction. Minor improvements. 7 years ago
Victor Julien b4771150b8 doc: update suricata-update screenshot 7 years ago
Victor Julien b531e7725d doc: improve suricata-update docs now that its bundled 7 years ago
Victor Julien ac1ed24cb4 doc: improve making sense of alerts 7 years ago
Victor Julien ccde621ceb doc: add suricata-update to intro for rules 7 years ago
Pierre Chifflier 6eb48e1e93 Add ikev2 to userguide 7 years ago
Victor Julien 26e807ca34 doc: fix http_header_names example 7 years ago
Eric Leblond 0a72d5be96 doc: fix typo in unix socket doc 
Also fixes a dead link to code.
 7 years ago
Eric Leblond 975f413308 doc: more info on unix socket rule reload 7 years ago
Eric Leblond e2aab10d29 doc: fix typo in ebpf xdp doc 7 years ago
Mats Klepsland 47a7ebbbc2 doc: add JA3 fields to the TLS logger documentation 7 years ago
Mats Klepsland fb0bfb614f doc: add documentation for Ja3GetString Lua function 7 years ago
Mats Klepsland 2514553098 doc: add documentation for Ja3GetHash Lua function 7 years ago
Mats Klepsland a357f52fa5 doc: add documentation for ja3_string keyword 7 years ago
Mats Klepsland 38cc6f595f doc: add documentation for ja3_hash keyword 7 years ago
Giuseppe Longo fb66d45754 doc: introduce dns compact logging 7 years ago
David DIALLO c2236ea2b3 modbus: Support Unit Identifier 
When destination IP address does not suffice to uniquely identify
the Modbus/TCP device.

Some Modbus/TCP devices act as gateways to other Modbus/TCP devices
that are behind this gateways.
 7 years ago
Victor Julien 50a182194a eve: log pcap filename 7 years ago
Pascal Delalande 2e5b293afb doc: update eve json output for DNS and HTTP 7 years ago
Brandon Sterne a01a229b37 doc: use standard spelling of daemon 7 years ago
Andreas Herz bdb886bd68 docs: remove many outdated and old install docs 7 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 7 years ago
David DIALLO 6c643d8975 modbus: duplicate alerts unaware of direction 
Remove DetectAppLayerInspectEngineRegister for TOCLIENT direction
because Modbus inspection engine is only performing in request (TOSERVER).

Detect Value keyword in read access rule. In read access, match on value
is not possible.

Update Modbus keyword documentation.
 7 years ago
Eric Leblond 7da805ffd9 doc: improve eBPF and XDP doc 
Remove reference to `buggy` clang as a workaround has been found in
libbpf.

Proof read and add information on the structure of eBPF code.
 7 years ago
Eric Leblond 8030e3f66b doc: update documentation 
This patch adds info on kernel requirement for XDP and rework a few
things.
 7 years ago
Eric Leblond 0e1a4173ff doc: how to get live info about ebpf behavior 7 years ago
Eric Leblond 8c7b5cb088 doc: add info about xdp IPS bypass 7 years ago
Eric Leblond ce8b74b524 doc: document XDP CPU redirect 7 years ago
Eric Leblond 60265e023a doc: update xdp documentation 
Also remove configuration info from yaml as they are now in the
documentation.
 7 years ago
Peter Manev 5ee44c877c doc: add XDP setup documentation 7 years ago
Giuseppe Longo d2121945c9 doc: update file_data description 7 years ago
Jason Ish 74e036d09f doc: update eve/alert/metadata configuration 7 years ago