mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
245 lines
5.5 KiB
C
245 lines
5.5 KiB
C
/* Copyright (C) 2007-2017 Open Information Security Foundation
|
|
*
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
* the GNU General Public License version 2 as published by the Free
|
|
* Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* version 2 along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301, USA.
|
|
*/
|
|
|
|
/**
|
|
* \file
|
|
*
|
|
* \author Victor Julien <victor@inliniac.net>
|
|
*/
|
|
|
|
#ifndef __DETECT_ENGINE_REGISTER_H__
|
|
#define __DETECT_ENGINE_REGISTER_H__
|
|
|
|
enum {
|
|
DETECT_SID,
|
|
DETECT_PRIORITY,
|
|
DETECT_REV,
|
|
DETECT_CLASSTYPE,
|
|
|
|
/* sorted by prefilter priority. Higher in this list means it will be
|
|
* picked over ones lower in the list */
|
|
DETECT_AL_APP_LAYER_PROTOCOL,
|
|
DETECT_ACK,
|
|
DETECT_SEQ,
|
|
DETECT_WINDOW,
|
|
DETECT_IPOPTS,
|
|
DETECT_FLAGS,
|
|
DETECT_FRAGBITS,
|
|
DETECT_FRAGOFFSET,
|
|
DETECT_TTL,
|
|
DETECT_TOS,
|
|
DETECT_ITYPE,
|
|
DETECT_ICODE,
|
|
DETECT_ICMP_ID,
|
|
DETECT_ICMP_SEQ,
|
|
DETECT_DSIZE,
|
|
|
|
DETECT_FLOW,
|
|
/* end prefilter sort */
|
|
|
|
DETECT_THRESHOLD,
|
|
DETECT_METADATA,
|
|
DETECT_REFERENCE,
|
|
DETECT_TAG,
|
|
DETECT_MSG,
|
|
DETECT_CONTENT,
|
|
DETECT_URICONTENT,
|
|
DETECT_PCRE,
|
|
DETECT_DEPTH,
|
|
DETECT_STARTS_WITH,
|
|
DETECT_ENDS_WITH,
|
|
DETECT_DISTANCE,
|
|
DETECT_WITHIN,
|
|
DETECT_OFFSET,
|
|
DETECT_REPLACE,
|
|
DETECT_NOCASE,
|
|
DETECT_FAST_PATTERN,
|
|
DETECT_RAWBYTES,
|
|
DETECT_BYTETEST,
|
|
DETECT_BYTEJUMP,
|
|
DETECT_SAMEIP,
|
|
DETECT_GEOIP,
|
|
DETECT_IPPROTO,
|
|
DETECT_FTPBOUNCE,
|
|
DETECT_ISDATAAT,
|
|
DETECT_ID,
|
|
DETECT_RPC,
|
|
DETECT_FLOWVAR,
|
|
DETECT_FLOWVAR_POSTMATCH,
|
|
DETECT_FLOWINT,
|
|
DETECT_PKTVAR,
|
|
DETECT_NOALERT,
|
|
DETECT_FLOWBITS,
|
|
DETECT_HOSTBITS,
|
|
DETECT_IPV4_CSUM,
|
|
DETECT_TCPV4_CSUM,
|
|
DETECT_TCPV6_CSUM,
|
|
DETECT_UDPV4_CSUM,
|
|
DETECT_UDPV6_CSUM,
|
|
DETECT_ICMPV4_CSUM,
|
|
DETECT_ICMPV6_CSUM,
|
|
DETECT_STREAM_SIZE,
|
|
DETECT_DETECTION_FILTER,
|
|
|
|
DETECT_DECODE_EVENT,
|
|
DETECT_GID,
|
|
DETECT_MARK,
|
|
|
|
DETECT_BSIZE,
|
|
|
|
DETECT_AL_TLS_VERSION,
|
|
DETECT_AL_TLS_SUBJECT,
|
|
DETECT_AL_TLS_ISSUERDN,
|
|
DETECT_AL_TLS_NOTBEFORE,
|
|
DETECT_AL_TLS_NOTAFTER,
|
|
DETECT_AL_TLS_EXPIRED,
|
|
DETECT_AL_TLS_VALID,
|
|
DETECT_AL_TLS_FINGERPRINT,
|
|
DETECT_AL_TLS_STORE,
|
|
|
|
DETECT_AL_HTTP_COOKIE,
|
|
DETECT_HTTP_COOKIE,
|
|
DETECT_AL_HTTP_METHOD,
|
|
DETECT_HTTP_METHOD,
|
|
DETECT_AL_HTTP_PROTOCOL,
|
|
DETECT_AL_HTTP_START,
|
|
DETECT_AL_URILEN,
|
|
DETECT_AL_HTTP_CLIENT_BODY,
|
|
DETECT_HTTP_REQUEST_BODY,
|
|
DETECT_AL_HTTP_SERVER_BODY,
|
|
DETECT_HTTP_RESPONSE_BODY,
|
|
DETECT_AL_HTTP_HEADER,
|
|
DETECT_HTTP_HEADER,
|
|
DETECT_AL_HTTP_HEADER_NAMES,
|
|
DETECT_AL_HTTP_HEADER_ACCEPT,
|
|
DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
|
|
DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
|
|
DETECT_AL_HTTP_HEADER_CONNECTION,
|
|
DETECT_AL_HTTP_HEADER_CONTENT_LEN,
|
|
DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
|
|
DETECT_AL_HTTP_HEADER_REFERER,
|
|
DETECT_AL_HTTP_RAW_HEADER,
|
|
DETECT_HTTP_RAW_HEADER,
|
|
DETECT_AL_HTTP_URI,
|
|
DETECT_HTTP_URI,
|
|
DETECT_HTTP_URI_RAW,
|
|
DETECT_AL_HTTP_RAW_URI,
|
|
DETECT_AL_HTTP_STAT_MSG,
|
|
DETECT_HTTP_STAT_MSG,
|
|
DETECT_AL_HTTP_STAT_CODE,
|
|
DETECT_HTTP_STAT_CODE,
|
|
DETECT_AL_HTTP_USER_AGENT,
|
|
DETECT_HTTP_UA,
|
|
DETECT_AL_HTTP_HOST,
|
|
DETECT_HTTP_HOST,
|
|
DETECT_AL_HTTP_RAW_HOST,
|
|
DETECT_HTTP_HOST_RAW,
|
|
DETECT_AL_HTTP_REQUEST_LINE,
|
|
DETECT_AL_HTTP_RESPONSE_LINE,
|
|
DETECT_AL_NFS_PROCEDURE,
|
|
DETECT_AL_NFS_VERSION,
|
|
DETECT_AL_SSH_PROTOCOL,
|
|
DETECT_AL_SSH_PROTOVERSION,
|
|
DETECT_AL_SSH_SOFTWARE,
|
|
DETECT_AL_SSH_SOFTWAREVERSION,
|
|
DETECT_AL_SSL_VERSION,
|
|
DETECT_AL_SSL_STATE,
|
|
DETECT_BYTE_EXTRACT,
|
|
DETECT_FILE_DATA,
|
|
DETECT_PKT_DATA,
|
|
DETECT_AL_APP_LAYER_EVENT,
|
|
|
|
DETECT_DCE_IFACE,
|
|
DETECT_DCE_OPNUM,
|
|
DETECT_DCE_STUB_DATA,
|
|
DETECT_SMB_NAMED_PIPE,
|
|
DETECT_SMB_SHARE,
|
|
|
|
DETECT_ASN1,
|
|
|
|
DETECT_ENGINE_EVENT,
|
|
DETECT_STREAM_EVENT,
|
|
|
|
DETECT_FILENAME,
|
|
DETECT_FILE_NAME,
|
|
DETECT_FILEEXT,
|
|
DETECT_FILESTORE,
|
|
DETECT_FILEMAGIC,
|
|
DETECT_FILEMD5,
|
|
DETECT_FILESHA1,
|
|
DETECT_FILESHA256,
|
|
DETECT_FILESIZE,
|
|
|
|
DETECT_L3PROTO,
|
|
DETECT_LUA,
|
|
DETECT_IPREP,
|
|
|
|
DETECT_AL_DNS_QUERY,
|
|
DETECT_AL_TLS_SNI,
|
|
DETECT_AL_TLS_CERT_ISSUER,
|
|
DETECT_AL_TLS_CERT_SUBJECT,
|
|
DETECT_AL_TLS_CERT_SERIAL,
|
|
DETECT_AL_TLS_CERT_FINGERPRINT,
|
|
|
|
DETECT_AL_TLS_JA3_HASH,
|
|
DETECT_AL_TLS_JA3_STRING,
|
|
|
|
DETECT_AL_MODBUS,
|
|
DETECT_CIPSERVICE,
|
|
DETECT_ENIPCOMMAND,
|
|
|
|
DETECT_AL_DNP3DATA,
|
|
DETECT_AL_DNP3FUNC,
|
|
DETECT_AL_DNP3IND,
|
|
DETECT_AL_DNP3OBJ,
|
|
|
|
DETECT_XBITS,
|
|
DETECT_BASE64_DECODE,
|
|
DETECT_BASE64_DATA,
|
|
|
|
DETECT_AL_KRB5_ERRCODE,
|
|
DETECT_AL_KRB5_MSGTYPE,
|
|
DETECT_AL_KRB5_CNAME,
|
|
DETECT_AL_KRB5_SNAME,
|
|
|
|
DETECT_TEMPLATE,
|
|
DETECT_TEMPLATE2,
|
|
DETECT_FTPDATA,
|
|
DETECT_TARGET,
|
|
DETECT_AL_TEMPLATE_RUST_BUFFER,
|
|
DETECT_AL_TEMPLATE_BUFFER,
|
|
|
|
DETECT_BYPASS,
|
|
|
|
DETECT_PREFILTER,
|
|
|
|
DETECT_TRANSFORM_COMPRESS_WHITESPACE,
|
|
DETECT_TRANSFORM_STRIP_WHITESPACE,
|
|
DETECT_TRANSFORM_MD5,
|
|
DETECT_TRANSFORM_SHA1,
|
|
DETECT_TRANSFORM_SHA256,
|
|
|
|
/* make sure this stays last */
|
|
DETECT_TBLSIZE,
|
|
};
|
|
|
|
void SigTableList(const char *keyword);
|
|
void SigTableSetup(void);
|
|
void SigTableRegisterTests(void);
|
|
|
|
#endif /* __DETECT_ENGINE_REGISTER_H__ */
|