Juliana Fajardini
cbc0aa57b1
flowint: add isnotset support
Similar keywords use `isnotset`, while `flowint` only accepted `notset`
Opted to change the code, not only the regex, to keep the underlying
code also following the same patterns.
Task #7426
(cherry picked from commit 6e4a501e7c)
8 months ago
Jason Ish
eac4854636
requires: treat unknown requires keywords as unmet requirements
For example, "requires: foo bar" is an unknown requirement, however
it's not tracked, nor an error as it follows the syntax. Instead,
record these unknown keywords, and fail the requirements check if any
are present.
A future version of Suricata may have new requires keywords, for
example a check for keywords.
Ticket: #7418
(cherry picked from commit 820a3e51b7)
8 months ago
Philippe Antoine
72456d359b
detect/datasets: implement unset command
Ticket: 7195
Otherwise, Suricata aborted on such a rule
(cherry picked from commit e47598110a)
10 months ago
Victor Julien
6824a4bc5f
doc/userguide: document iprep isset/isnotset
(cherry picked from commit 8b42182fee)
1 year ago
Victor Julien
b014b1e8e6
doc/userguide: add more operators to iprep
(cherry picked from commit 2f74d435d3)
1 year ago
Victor Julien
e04d8f3045
doc/userguide: add noalert/alert keyword docs
(cherry picked from commit 50ef646d45)
1 year ago
Victor Julien
8fdbb0b17d
doc/userguide: give pcre1 to pcre2 proper heading
(cherry picked from commit c83e3285ae)
1 year ago
Sascha Steinbiss
93fd349b3f
ja4: implement for TLS and QUIC
Ticket: OISF#6379
(cherry picked from commit 120313f4da)
1 year ago
Victor Julien
84fc3bed2c
detect/iprep: update doc about 0 value
A value of 0 was already allowed by the rule parser, but didn't
actually work.
Bug: #6834.
(cherry picked from commit fcca5c7514)
1 year ago
Shivani Bhardwaj
f0b856214c
doc: add note about fast_pattern w base64_data
Bug 6859
1 year ago
Juliana Fajardini
2efde5b87f
userguide: fix explanation about bsize ranges
Our code handles Uint ranges as exclusive, but for bsize, our
documentation stated that they're inclusive.
Cf. from uint.rs:

    DetectUintMode::DetectUintModeRange => {
        if val > x.arg1 && val < x.arg2 {
            return true;
        }
    }
Task #6708
(cherry picked from commit 244a35d539)
1 year ago
Jason Ish
cc6319b37c
doc: note what version "requires" was added in
(cherry picked from commit 8bf8131c31)
2 years ago
Lukas Sismis
203f80bf97
doc: remove references to prehistoric versions
Remove references that mention Suricata 3 or lower.
As a note - only one Suricata 4 reference found:
(suricata-yaml.rst:"In 4.1.x")
Fast pattern selection criteria can be internally found by inspecting
SupportFastPatternForSigMatchList and SigTableSetup functions.
Ticket: #6699
(cherry picked from commit 6e4cc79b39)
2 years ago
Jason Ish
09fc36713f
requires: add requires keyword
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.
Example:
requires: feature geoip, version >= 7.0.0, version < 8;
requires: version >= 7.0.3 < 8
requires: version >= 7.0.3 < 8 | >= 8.0.3
Feature: #5972
Co-authored-by: Philippe Antoine <pantoine@oisf.net>
(cherry picked from commit 5d5b0509a5)
2 years ago
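The two `requires` commits above (09fc36713f, which introduces the keyword and its version/feature syntax, and eac4854636, which makes an unknown requires keyword an unmet requirement) describe behaviour that is easier to see in code. The following Python is an added example, not Suricata's own parser. It models a hypothetical engine build whose version, enabled feature set and sample rule specs are all constructed here; the helper names (`check_requires`, `alternative_met`, `parse_version`, `ENGINE_VERSION`, `ENGINE_FEATURES`) and the feature names `geoip`, `lua` and `dpdk` are assumptions. It also assumes a simplified grammar taken from the commit examples: comma-separated clauses, `version` comparisons ANDed within one alternative and OR-ed across `|`, and dotted versions with missing parts read as 0.

```python
"""Added example: a small model of Suricata's `requires` keyword semantics.

Not Suricata code. Assumed grammar (simplified from the commit examples):
  requires: <clause>[, <clause>...];
  clause   := version <alt> [| <alt> ...]  |  feature <name>  |  <other>
  alt      := one or more comparisons, ANDed, e.g. ">= 7.0.3 < 8"
A clause whose keyword is not known is recorded and fails the check.
"""
import re

# Constructed: what this hypothetical engine build advertises about itself.
ENGINE_VERSION = (7, 0, 3)
ENGINE_FEATURES = frozenset({"geoip", "lua"})

_OPS = {
    ">=": lambda have, want: have >= want,
    ">": lambda have, want: have > want,
    "<=": lambda have, want: have <= want,
    "<": lambda have, want: have < want,
    "==": lambda have, want: have == want,
}
_COMPARISON = re.compile(r"(>=|<=|==|>|<)\s*(\d+(?:\.\d+){0,2})")


def parse_version(text):
    """'8' -> (8, 0, 0); '7.0.3' -> (7, 0, 3). Missing parts read as 0 (assumed)."""
    parts = [int(p) for p in text.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"bad version {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def alternative_met(alt, engine):
    """One alternative such as '>= 7.0.3 < 8': every comparison must hold."""
    comparisons = _COMPARISON.findall(alt)
    leftover = _COMPARISON.sub("", alt).strip()
    if not comparisons or leftover:
        raise ValueError(f"bad version expression {alt!r}")
    return all(_OPS[op](engine, parse_version(ver)) for op, ver in comparisons)


def check_requires(spec, engine=ENGINE_VERSION, features=ENGINE_FEATURES):
    """Evaluate a `requires` option string.

    Returns (met, reasons): met is True only when every clause is satisfied;
    reasons lists each unmet clause. Unknown keywords are syntactically
    acceptable but are deliberately reported as unmet, not as parse errors.
    """
    body = spec.strip()
    if body.startswith("requires:"):
        body = body[len("requires:"):]
    reasons = []
    for clause in body.rstrip(";").split(","):
        clause = clause.strip()
        if not clause:
            continue
        keyword, _, arg = clause.partition(" ")
        arg = arg.strip()
        if keyword == "version":
            alternatives = [a.strip() for a in arg.split("|")]
            if not any(alternative_met(a, engine) for a in alternatives):
                have = ".".join(map(str, engine))
                reasons.append(f"version {arg} (engine is {have})")
        elif keyword == "feature":
            if arg not in features:
                reasons.append(f"feature {arg} not enabled")
        else:
            # Valid syntax, unknown meaning: record it and fail the check.
            reasons.append(f"unknown requires keyword {keyword!r}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed samples: the three forms from the 09fc36713f message and
    # the "foo bar" case from eac4854636, plus a feature this build lacks.
    for sample in (
        "requires: feature geoip, version >= 7.0.0, version < 8;",
        "requires: version >= 7.0.3 < 8",
        "requires: version >= 7.0.3 < 8 | >= 8.0.3",
        "requires: feature dpdk",
        "requires: foo bar",
    ):
        met, reasons = check_requires(sample)
        print(f"{'OK   ' if met else 'UNMET'} {sample}  {reasons}")
```

The point of returning the reasons rather than a bare boolean is the one the eac4854636 message makes: a rule that names a keyword this build does not understand should be skipped quietly as unmet, so that a future build which does understand the keyword can load it without the older build ever having treated it as a syntax error.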
Philippe Antoine
2a86df53f2
detect: strip_pseudo_headers transform
Ticket: 6546
(cherry picked from commit adf5e6da7b)
2 years ago
Philippe Antoine
f2e83e420d
doc: fix byte_test examples
As this keyword has 4 mandatory arguments, and some examples
had only three...
Ticket: 6629
(cherry picked from commit 4933b817aa)
2 years ago
Jeff Lucovsky
062d9ea9fd
doc/transform: Document case-changing transforms.
Issue: 6439
(cherry picked from commit 9ee55d2394)
2 years ago
Philippe Antoine
e974dbea0e
detect: header_lowercase transform
Ticket: 6290
(cherry picked from commit 32cce122e1)
2 years ago
jason taylor
aae6beaa5a
doc: update file.data keyword documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Victor Julien
f6fb48c0ca
doc/userguide: add tag keyword page
Ticket: #3015.
(cherry picked from commit 6b2c33990f)
2 years ago
jason taylor
535938d7f6
doc: add tls.cert_chain_len docs
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Travis Green
96a0e7016f
doc: add tcp flags documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
be324d7856
doc: update file.magic information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
008cc78a03
doc: update fileext keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
e99b1787a2
doc: update file.name keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Andreas Herz
da68692547
doc: dataset - add type to be mandatory
2 years ago
jason taylor
c95fce39f0
doc: add multi buffer support note to keyword docs
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
88960e909d
doc: add multiple buffer matching documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky
47e268d609
detect/byte_math: Document bytes variable name
Issue: 6145
Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky
3a4554fc2b
detect/byte-jump: Document var usage for nbytes
Issue: 6105
2 years ago
Jeff Lucovsky
73b943276e
doc/byte_test: Document byte_test variable usage
Issue: 6144
This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Shivani Bhardwaj
b6f8f5eb3b
doc/http: use "sticky buffer" where applicable
2 years ago
Jason Ish
14daa42e0b
doc/userguide: dataset upgrade notes
2 years ago
Jason Ish
4a97461f9a
doc/userguide: notes about Lua rules being disabled by default
2 years ago
Philippe Antoine
415b036dca
http1: implement http.request_header
So that it is generic for HTTP1 and HTTP2
Ticket: #5780
2 years ago
Philippe Antoine
7256ec8a6e
detect/http2: do not escape ':' in header name or value
for keywords http.request_header and http.response_header
Ticket: #5780
2 years ago
Philippe Antoine
656554f293
http2: rename http2.header to http.request_header
Or http.response_header based on the direction
http2.header had a different behavior than http.header and this was
confusing.
Ticket: #5780
2 years ago
Eloy Pérez González
b3c7130749
krb5: update krb5_msg_type keyword docs
2 years ago
Victor Julien
0903536fd6
doc: spelling
Thanks to Josh Soref.
2 years ago
Philippe Antoine
9bd2b72e2b
doc: explain where tls.store stores certificates
By adding a reference/link to the doc about the suricata.yaml
config section specifying the directory where the certificates
are stored
2 years ago
Victor Julien
c0d9b3c078
doc/userguide: spelling
2 years ago
Andreas Herz
3045e75ee1
doc: add note on the hashsize recommendation for datasets
2 years ago
Philippe Antoine
59734d16a1
detect: use http.connection to client
Ticket: #5746
2 years ago
Philippe Antoine
6bc7f02e13
doc: rules can have http1 as protocol
Ticket: #5962
2 years ago
Jeff Lucovsky
fd46c93a8f
doc/byte_math: Add divide by 0 discussion.
Issue: 5945
2 years ago
Jeff Lucovsky
35bbdf4124
doc/content: Add limits for distance/within
Ticket: 5740
2 years ago
Shivani Bhardwaj
0f3e7761da
doc: add dataset examples
2 years ago
Haleema Khan
609df1776e
userguide: update tls keywords information
Ticket #5544
2 years ago
jason taylor
0632233791
userguide: update http.cookie description
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Jeff Lucovsky
197ad51138
doc: Update bsize documentation
This commit updates the bsize documentation
1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
3 years ago