suricata/doc/userguide
Frank Honza 1c8943dedd add RFB parser
This commit adds support for the Remote Framebuffer Protocol (RFB) as
used, for example, by various VNC implementations. It targets the
official versions 3.3, 3.7 and 3.8 of the protocol and provides logging
for the RFB handshake communication for now. Logged events include
endpoint versions, details of the security (i.e. authentication)
exchange as well as metadata about the image transfer parameters.
Detection is enabled using keywords for:

 - rfb.name: Session name as sticky buffer
 - rfb.sectype: Security type, e.g. VNC-style challenge-response
 - rfb.secresult: Result of the security exchange, e.g. OK, FAIL, ...

The latter could be used, for example, to detect brute-force attempts
on open VNC servers, while the name could be used to map unwanted VNC
sessions to the desktop owners or machines.

We also ship example EVE-JSON output and keyword docs as part of the
Sphinx source for Suricata's RTD documentation.
6 years ago
3rd-party-integration doc/userguide: new 3rd party section, add bluecoat 7 years ago
_static doc: Add suricata.css to allow for some custom styling 8 years ago
capture-hardware docs/napatech: Correct typo 6 years ago
configuration doc: removed unified2 output 6 years ago
file-extraction doc/filestore(v1) - make deprecation text a note 6 years ago
licenses doc: convert fancy quotes to straight quotes 7 years ago
lua userguide: add documentation for Ja3SGetString Lua function 7 years ago
manpages doc: Add manpages for suricatasc and suricatactl 7 years ago
output add RFB parser 6 years ago
partials doc/userguide: Update for dump-features 6 years ago
performance doc: Correct RST quote usage 6 years ago
reputation userguide: remove old reference to rule-reload option 6 years ago
rule-management userguide: remove section on using Oinkmaster 6 years ago
rules add RFB parser 6 years ago
setting-up-ipsinline-for-linux
.gitignore
Makefile.am doc: add upgrade page 6 years ago
Makefile.sphinx
README.md doc: Fix typo Generate -> Generator 6 years ago
acknowledgements.rst doc: Add my own name to the acknowledgements 8 years ago
command-line-options.rst doc: break out command line options into a common doc 9 years ago
conf.py doc/conf: Update copyright and regex for version 6 years ago
convert.py
index.rst doc: add upgrade page 6 years ago
initscripts.rst
install.rst doc/install: fix geoip typo 6 years ago
make-sense-alerts.rst doc: spelling mistakes in various sections of the user guide 8 years ago
public-data-sets.rst Update public-data-sets.rst with stratosphere project 8 years ago
quickstart.rst doc: add quickstart guide 6 years ago
setting-up-ipsinline-for-linux.rst doc: reformat linux ips guide 6 years ago
setting-up-ipsinline-for-windows.rst Adds WinDivert support to Windows builds 8 years ago
unix-socket.rst doc: removal of disable-rust and path typo for suricatasc 6 years ago
upgrade.rst doc: add upgrade page 6 years ago
what-is-suricata.rst doc: update what is suricata section 9 years ago

README.md

Suricata User Guide

This directory contains the Suricata Guide. The Sphinx Document Generator is used to build the documentation. For a primer on reStructuredText see the reStructuredText Primer.

Verifying Changes

There are a number of output formats to choose from when making the source documentation locally (e.g. html, pdf, man).

The documentation source can be built with make -f Makefile.sphinx html. Replace 'html' with the desired output format.

There are different application dependencies based on the output desired.