aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,817 Commits
7 Branches
161 Tags
169 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-4.1.10'
${ noResults }
Commit Graph

337 Commits (suricata-4.1.10)

Author SHA1 Message Date
Jeff Lucovsky 778a04cf04 decode/erspan: ERSPAN TypeI configurable 
For the backport, ERSPAN TypeI decode is

1. Disabled by default
2. Configurable: `decoder.erspan_typeI.enabled`

(cherry picked from commit ae6beedd13)
(cherry picked from commit 33b56b31b5)
 5 years ago
Victor Julien 5313264b53 yaml: only enable ikev2 if rust is compiled in 
Bug #3279.
 6 years ago
Jason Ish 16c2bff6e1 htp/lzma: disable by default for 4.1.x. 
The configuration logic had to be changed to be disabled by
default, to prevent a limit being set, but not the enable
flag from enabling lzma.
 6 years ago
Philippe Antoine 7b5d6096e8 http: disable lzma decompression from configuration 6 years ago
Jason Ish 52f2807d37 htp/lzma: set limit from configuration 
Also use a default defined in Suricata, not libhtp.
 6 years ago
Shivani Bhardwaj 4c0dd8fa5d decoder/vxlan: disable by default 6 years ago
Victor Julien 8937d712a0 decoder/vxlan: improvements and cleanups 
Implement port config handling. Also check both src port and dest
port for tunnels that only set the destination port to the VXLAN
port. At the point of the check we don't know the packet direction
yet.

Implement as Suricata tunnel similar to Teredo.

Cleanups.
 6 years ago
Bill Meeks d29072647f detect/geoip: migrate to GeoIP2 database format 
Issue #2765
 6 years ago
Eric Leblond d991a34205 suricata.yaml: fix name of encryption-handling var 6 years ago
Victor Julien 0d86263efd eve.stats: make decoder event prefix configurable 7 years ago
Victor Julien 1dd81f7346 yaml: add missing eve pcap-file comment 7 years ago
Jason Ish 87250da0fc rust/dns: add v1 dns logging 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2704
 7 years ago
Travis Green 3539ae3041 Updated link for Prelude SIEM 
Updated link for Prelude SIEM to https://www.prelude-siem.org/
 7 years ago
Eric Leblond 24806c2102 suricata.yaml: fix path to XDP doc 7 years ago
Victor Julien 1467c30883 pfring: implement 'threads: auto' 
If threads is set to auto, first try the CPU count. If that would
fail, fall back to RSS queue count.
 7 years ago
Victor Julien 3ba2c9fba7 pfring: multiple receive threads is not experimental 7 years ago
Victor Julien 4f84672d7c stats: decoder/stream events as stats 7 years ago
Victor Julien c4d8508f51 eve/json: introduce community flow id 
Add support for community flow id, meant to give a records a
predictable flow id that can be used to match records to
output of other tools.

Takes a 'seed' that needs to be same across sensors and tools
to make the id less predictable.
 7 years ago
Victor Julien ed712768d5 rust: enable by default 
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
 7 years ago
Victor Julien 8b213e9d63 yaml: fix typo 7 years ago
jason taylor d038c78cd6 config: added ja3 to tls custom logging example 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 7 years ago
Konstantin Klinger 2938f797f2 yaml: add var for DC_SERVERS (Domain Controller) 7 years ago
Konstantin Klinger 99193b1492 yaml: add note for dns v1 not available with rust 7 years ago
Konstantin Klinger a3832e4594 yaml: add note for dns.log with Rust 
It is not availbale when rust is enabled.
 7 years ago
Victor Julien 0b46d027d0 rust/smb: implement stream-depth, unlimited by default 7 years ago
Jason Ish 64b6ff7392 config: better default rule file configuration 
Move the rule file configuration down near the bottom of the
configuration file under advanced settings. With the bundling
of Suricata-Update, any rule file configuration within
suricata.yaml could be considered advanced.

Add extra comments to the yaml to make it more clear which was
enabled at installation time.
 7 years ago
jason taylor a2bc008093 add note about eve-alert metadata 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 7 years ago
Victor Julien 693a3df031 tls: document encrypt-handling option 
Document in sample yaml and user guide.
 7 years ago
Jason Ish 9210d8743b rust/dhcp: Rust based DHCP decoder and logger. 
This is a DHCP decoder and logger written in Rust. Unlike most
parsers, this one is stateless so responses are not matched
up to requests by Suricata. However, the output does contain
enough fields to match them up in post-processing.

Rules are included to alert of malformed or truncated options.
 7 years ago
Pierre Chifflier 6ae53a1869 Add event rules for Kerberos 5 7 years ago
Pierre Chifflier fd175f2bfb Add logger for Kerberos 5 metadata 7 years ago
Pierre Chifflier 77f0c11c9e Add Kerberos 5 application layer 7 years ago
Jason Ish 0d51ebc71a eve/alert: use eve-level xff config by default 
The alert section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish 36ec1281b2 eve/files: use eve-level xff config by default 
The files section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish 6607ee8489 eve/http: use eve-level xff config by default 
The http section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish 576584152c eve: use eve-level xff configuration 
If an "xff" configuration section exists on the eve object,
parse and save it for child loggers to use.
 7 years ago
Maurizio Abba 2543930d74 xff: Use XFF configuration in eve and filestore 
XFF configuration is already set in app-layer-htp-xff, and in
output-json-alert. Extending XFF configuration to files and HTTP allow
to get the same behavior as for alerts.

Extend the configuration of filestore json to let filestore metafile
dump be aware of xff. This is available only if write-fileinfo is set
to yes and file-store version is 2.
 7 years ago
Max Fillinger b85a0b188b Add an option for compressing pcap-log files 
Introduces the option 'outputs.pcap-log.compression' which can be set
to 'none' or 'lz4', plus options to set the compression level and to
enable checksums. SCFmemopen is used to make pcap_dump() write to a
buffer which is then compressed using liblz4.
 7 years ago
Jason Ish e048a74ecd rules: set default rule dir to suricata-update if bundled 
If suricata-update is bundled, set the default-rule-dir
to lib/suricata/rules under the $localstatedir

For now use 2 rule-files section that are renamed depending
on if suricata-update is bundled or not.
 7 years ago
Victor Julien f201a3761f rust: remove multi level 'experimental' 
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extend, and all have C glue code. So the
distinction doesn't really make sense.
 7 years ago
Pierre Chifflier d16397ce61 Add rules for IKEv2 events 7 years ago
Pierre Chifflier c99b9462d7 Add new parser: IKEv2 
Add a new parser for Internet Key Exchange version (IKEv2), defined in
RFC 7296.
The IKEv2 parser itself is external. The embedded code includes the
parser state and associated variables, the state machine, and the
detection code.

The parser looks the first two messages of a connection, and analyzes
the client and server proposals to check the cryptographic parameters.
 7 years ago
Eric Leblond 66b37d8689 suricata.yaml: fix some spelling mistakes 8 years ago
Mats Klepsland c130820bff conf: user-configurable umask setting 
Make umask user-configurable by setting 'umask' in suricata.yaml.
 8 years ago
Mats Klepsland 0c16cd0120 app-layer-ssl: generate JA3 fingerprints 
Decode additional fields from the client hello packet and generate
JA3 fingerprints.
 8 years ago
Giuseppe Longo 869b7c0e0c output-json-dns: add new configuration 
This patch adds a new configuration for dns,
introducing a "version" that permits to switch
between the new and old format to provide
backward compatibility.

The new configuration is made up of these new fields:
- version
- requests (query)
- response (answer)
- types (custom)
 8 years ago
Victor Julien 251a8e7deb smb: add smb to default eve-log config 8 years ago
Victor Julien 75d7c9d64a rust/smb: initial support 
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
 8 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 8 years ago
Eric Leblond 60265e023a doc: update xdp documentation 
Also remove configuration info from yaml as they are now in the
documentation.
 8 years ago