Victor Julien
26e807ca34
doc: fix http_header_names example
8 years ago
Victor Julien
1e56cfe08e
threshold: don't touch globals after init
...
Don't free/reinit pcre globals per tenant. Others may be using them
at the same time, or try to free/reinit them at the same time.
8 years ago
Mats Klepsland
efdc592172
detect-tls-sni: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_sni' detection
keyword.
8 years ago
Mats Klepsland
b479d1d47c
detect-tls-cert-serial: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_serial'
detection keyword.
8 years ago
Mats Klepsland
5c96e1df95
detect-tls-cert-subject: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_subject'
detection keyword.
8 years ago
Mats Klepsland
b1dd41c9cd
detect-tls-cert-issuer: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_issuer'
detection keyword.
8 years ago
Mats Klepsland
c3a329d6e9
detect-tls-cert-fingerprint: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_fingerprint'
detection keyword.
8 years ago
Victor Julien
53f63f7498
nfs/rpc: improve RPCv2 parser, add GssApi
...
Improve RPCv2 credentials parsing. Add GssApi and turn creds into
an enum.
Minor cleanups and optimizations.
8 years ago
Victor Julien
47ebef3af8
nfs: minor cleanup
8 years ago
Antoine LUONG
56e7afc4f7
prelude: swap msg and class_msg in Prelude alert
8 years ago
Antoine LUONG
caa2903f1f
prelude: fix duplicated analyzer in Prelude alert
8 years ago
Danny Browning
697a5a1978
pcap/file: fix missing files stopping engine #2451
...
https://redmine.openinfosecfoundation.org/issues/2451
When a missing (or empty named) file is passed to source-pcap-file while
using unix socket, the pcap processing thread will incorrectly be stopped,
and no longer available for subsequent files.
8 years ago
Alexander Gozman
2cf2387e31
rules: optimize bidir rules with same src/dst
...
As an optimization, reset the bidirectional flag for rules with the same src and dst.
If one created a bidirectional rule like 'alert tcp any any <> any any ...',
the rule was checked twice (for each packet in every direction). This is
suboptimal and may give duplicated alerts. To avoid this, bidirectional
rules are now checked for the same src and dst (addresses and ports) and
if that is the case, the rule is treated as unidirectional and a corresponding
message is logged.
8 years ago
Eric Leblond
0a72d5be96
doc: fix typo in unix socket doc
...
Also fixes a dead link to code.
8 years ago
Eric Leblond
975f413308
doc: more info on unix socket rule reload
8 years ago
Eric Leblond
e2aab10d29
doc: fix typo in ebpf xdp doc
8 years ago
Eric Leblond
66b37d8689
suricata.yaml: fix some spelling mistakes
8 years ago
Victor Julien
ba24bb82fa
der: don't overwrite errcode
...
If the code has already been set, it is more detailed than the more
generic 'invalid object'.
8 years ago
Jason Ish
cbcbc0f6b0
suricata-update: bundle suricata update
...
Add autoconf/automake support for installing suricata-update
if found in the top level suricata-update.
8 years ago
Mats Klepsland
c130820bff
conf: user-configurable umask setting
...
Make umask user-configurable by setting 'umask' in suricata.yaml.
8 years ago
Pierre Chifflier
3140e4598a
DER parser: ensure errcode is set for every return path
8 years ago
Pierre Chifflier
2d34e402c0
DER parser: fix undefined behaviors and add missing length tests
...
Fix several undefined behaviors, caused by possible use or read of
uninitialized memory.
8 years ago
Antti Tönkyrä
d6a98aa1c3
stream-tcp: add counters for midstream pickups
...
If midstream pickups are enabled this will help in discovering how
many midstream pickups are being done by Suricata.
8 years ago
Mats Klepsland
47a7ebbbc2
doc: add JA3 fields to the TLS logger documentation
8 years ago
Mats Klepsland
d55e455504
eve: add JA3 fields to TLS JSON logger
...
Add JA3 object to TLS JSON logger (extended log).
8 years ago
Mats Klepsland
fb0bfb614f
doc: add documentation for Ja3GetString Lua function
8 years ago
Mats Klepsland
8339ed338f
lua: add Ja3GetString function
...
Add Ja3GetString() to return the content of the JA3 string buffer from the
TLS session.
Example:

    function init (args)
        local needs = {}
        needs["protocol"] = "tls"      -- run the script on TLS transactions
        return needs
    end

    function setup (args)
        filename = SCLogPath() .. "/ja3_string.log"
        file = assert(io.open(filename, "a"))
    end

    function log (args)
        ja3_string = Ja3GetString()
        if ja3_string == nil then      -- no JA3 string for this session
            return
        end
        file:write(ja3_string .. "\n")
        file:flush()
    end

    function deinit (args)
        file:close()
    end
8 years ago
Mats Klepsland
2514553098
doc: add documentation for Ja3GetHash Lua function
8 years ago
Mats Klepsland
195fa9d272
lua: add Ja3GetHash function
...
Add Ja3GetHash() to return the content of the JA3 hash buffer from the
TLS session.
Example:

    function init (args)
        local needs = {}
        needs["protocol"] = "tls"      -- run the script on TLS transactions
        return needs
    end

    function setup (args)
        filename = SCLogPath() .. "/ja3_hash.log"
        file = assert(io.open(filename, "a"))
    end

    function log (args)
        ja3_hash = Ja3GetHash()
        if ja3_hash == nil then        -- no JA3 hash for this session
            return
        end
        file:write(ja3_hash .. "\n")
        file:flush()
    end

    function deinit (args)
        file:close()
    end

In the (useless) example above, each JA3 hash is logged to a log file.
8 years ago
Mats Klepsland
a357f52fa5
doc: add documentation for ja3_string keyword
8 years ago
Mats Klepsland
6e23ae230b
detect: add (mpm) keyword ja3_string
...
Match on JA3 string using ja3_string keyword, e.g:
alert tls any any -> any any (msg:"JA3 string test";
ja3_string; content:"65-68-69-102"; sid:1;)
8 years ago
Mats Klepsland
38cc6f595f
doc: add documentation for ja3_hash keyword
8 years ago
Mats Klepsland
6c7aacce9e
detect: add (mpm) keyword ja3_hash
...
Match on JA3 hash using ja3_hash keyword, e.g:
alert tls any any -> any any (msg:"JA3 hash test";
ja3_hash;
content:"e7eca2baf4458d095b7f45da28c16c34";
sid:1;)
8 years ago
Mats Klepsland
d4af90032e
util-ja3: add function to check if JA3 is disabled
8 years ago
Mats Klepsland
0c16cd0120
app-layer-ssl: generate JA3 fingerprints
...
Decode additional fields from the client hello packet and generate
JA3 fingerprints.
8 years ago
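The fingerprint that the ja3_string / ja3_hash keywords match on and that the "generate JA3 fingerprints" commit above derives from the client hello, shown as an added Python example that is not Suricata's code: it builds a constructed ClientHello record, parses it with bounds checks, drops GREASE values as the JA3 specification does, and returns the comma-separated JA3 string together with its MD5 hash. The helper names (build_client_hello, ja3_from_record, is_grease) and the sample cipher, extension and group values are the example's own choices, not taken from the page.

```python
import hashlib
import struct

# Extension type numbers JA3 cares about (RFC 8422): supported_groups and ec_point_formats.
EXT_SUPPORTED_GROUPS = 10
EXT_EC_POINT_FORMATS = 11


def is_grease(value):
    """True for GREASE values 0x0a0a, 0x1a1a, ..., 0xfafa (RFC 8701); JA3 leaves them out."""
    return (value & 0x0f0f) == 0x0a0a and (value >> 8) == (value & 0xff)


def build_client_hello(version, ciphers, extensions, groups, point_formats):
    """Build a TLS record carrying a ClientHello. Constructed sample input, not a real capture."""
    ext_blobs = []
    for ext_type in extensions:
        if ext_type == EXT_SUPPORTED_GROUPS:
            body = struct.pack(">H", 2 * len(groups)) + b"".join(struct.pack(">H", g) for g in groups)
        elif ext_type == EXT_EC_POINT_FORMATS:
            body = bytes([len(point_formats)]) + bytes(point_formats)
        else:
            body = b""  # payload irrelevant to JA3; only the extension type is fingerprinted
        ext_blobs.append(struct.pack(">HH", ext_type, len(body)) + body)
    ext_data = b"".join(ext_blobs)
    hello = struct.pack(">H", version) + b"\x00" * 32 + b"\x00"  # version, random, empty session id
    hello += struct.pack(">H", 2 * len(ciphers)) + b"".join(struct.pack(">H", c) for c in ciphers)
    hello += b"\x01\x00"  # one compression method: null
    hello += struct.pack(">H", len(ext_data)) + ext_data
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake  # ContentType handshake


class _Reader:
    """Bounds-checked cursor: a truncated ClientHello raises instead of reading past the end."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def u8(self):
        return self.take(1)[0]
    def u16(self):
        return struct.unpack(">H", self.take(2))[0]
    def u16_list(self, nbytes):
        raw = self.take(nbytes)
        return [struct.unpack(">H", raw[i:i + 2])[0] for i in range(0, len(raw) - 1, 2)]
    def remaining(self):
        return len(self.data) - self.pos


def ja3_from_record(record):
    """Parse a TLS ClientHello record and return (ja3_string, ja3_hash)."""
    r = _Reader(record)
    if r.u8() != 0x16:
        raise ValueError("not a TLS handshake record")
    r.take(2)  # record-layer version, not part of JA3
    handshake = _Reader(r.take(r.u16()))
    if handshake.u8() != 0x01:
        raise ValueError("not a ClientHello")
    hello = _Reader(handshake.take(int.from_bytes(handshake.take(3), "big")))
    version = hello.u16()  # JA3 uses the ClientHello version field, e.g. 771 for TLS 1.2
    hello.take(32)  # client random
    hello.take(hello.u8())  # session id
    ciphers = hello.u16_list(hello.u16())
    hello.take(hello.u8())  # compression methods
    extensions, groups, formats = [], [], []
    if hello.remaining() >= 2:  # the extensions block is optional
        exts = _Reader(hello.take(hello.u16()))
        while exts.remaining() >= 4:
            ext_type, ext_len = exts.u16(), exts.u16()
            ext = _Reader(exts.take(ext_len))
            extensions.append(ext_type)
            if ext_type == EXT_SUPPORTED_GROUPS and ext.remaining() >= 2:
                groups = ext.u16_list(ext.u16())
            elif ext_type == EXT_EC_POINT_FORMATS and ext.remaining() >= 1:
                formats = list(ext.take(ext.u8()))

    def dashed(values):
        return "-".join(str(v) for v in values if not is_grease(v))

    ja3 = ",".join([str(version), dashed(ciphers), dashed(extensions), dashed(groups),
                    "-".join(str(f) for f in formats)])
    return ja3, hashlib.md5(ja3.encode("ascii")).hexdigest()


# Constructed ClientHello: TLS 1.2 (771) with a GREASE cipher, a GREASE extension and a
# GREASE group mixed in, all of which must be absent from the fingerprint.
SAMPLE = build_client_hello(
    version=0x0303,
    ciphers=[0x1a1a, 4865, 4866, 49195],
    extensions=[0x2a2a, 0, EXT_SUPPORTED_GROUPS, EXT_EC_POINT_FORMATS, 23],
    groups=[0x3a3a, 29, 23],
    point_formats=[0],
)

if __name__ == "__main__":
    ja3_string, ja3_hash = ja3_from_record(SAMPLE)
    print(ja3_string)  # 771,4865-4866-49195,0-10-11-23,29-23,0
    print(ja3_hash)
```

A content match against the string buffer, as in the ja3_string rule above, is a plain substring test on the second field, so a rule written against a cipher list will also match any client whose list contains those values in that order; matching the hash instead pins the whole tuple.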
Mats Klepsland
3f0dea582d
app-layer-ssl: split function into multiple smaller functions
...
Split 'TLSDecodeHandshakeHello' into smaller functions to make
it easier to read the code when the function grows in size.
8 years ago
Victor Julien
ea1e13cb00
smb: suppress notice messages
8 years ago
Pierre Chifflier
576b8ef722
SMB: simplify code
8 years ago
Pierre Chifflier
cf5de0c58e
SMB: use String::from_utf8_lossy in logging functions
8 years ago
Pierre Chifflier
b5529e4ffb
SMB: use kerberos-parser to extract Realm and PrincipalName
8 years ago
Victor Julien
0dfb3f0e7f
smb1: extract rename info from TRANS2
...
Exclude TRANS2 from generic TX lookup bypass.
8 years ago
Victor Julien
8eeda113c8
smb1: add parsing for RENAME command
8 years ago
Victor Julien
7b61f2c589
smb2: log renames
8 years ago
Victor Julien
15978d4e85
smb: if filename is missing, use '<unknown>'
8 years ago
Victor Julien
c60decd678
rust/dns: default to eve log version 2 for rust
8 years ago
Jason Ish
27fd521420
eve/dns/v2: support eve/dns v2 in rust
8 years ago
Jason Ish
57d9574839
rust/json: expose more of jansson to rust
8 years ago
Jason Ish
dfdfc478ab
eve/dns-v2: only log responses for enabled types
...
This changes the logic a bit for v2, checking the rrtype of the
query to see if the response should be logged.
8 years ago
Jason Ish
769f972185
eve/dns-v2: log authorities as a list
...
Log the authorities just like the answers, as a list under
the authorities key.
8 years ago
Giuseppe Longo
fb66d45754
doc: introduce dns compact logging
8 years ago