suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

cybersecurity ids intrusion-detection-system intrusion-prevention-system ips network-monitor network-monitoring nsm security suricata threat-hunting

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

Victor Julien fd5a06017d detect: per port and proto rule grouping Replace tree based approach for rule grouping with a per port (tcp/udp) and per protocol approach. Grouping now looks like: +----+ \|icmp+---> +----+ \|gre +---> +----+ \|esp +---> +----+ other\|... \| +----->-----+ \| \|N +---> \| +----+ \| \| tcp +----+ +----+ +----->+ 80 +-->+ 139+--> \| +----+ +----+ \| \| udp +----+ +----+ +---+----->+ 53 +-->+ 135+--> \| +----+ +----+ \|toserver +---> \|toclient \| +---> So the first 'split' in the rules is the direction: toserver or toclient. Rules that don't have a direction, are in both branches. Then the split is between tcp/udp and the other protocols. For tcp and udp port lists are used. For the other protocols, grouping is simply per protocol. The ports used are the destination ports for toserver sigs and source ports for toclient sigs.		10 years ago
benches	Initial add of the files.	17 years ago
contrib	suri-graphite: add ouput to file option	11 years ago
doc	Fix make distcheck on CentOS 5.11	11 years ago
lua	output-lua: add SCPacketTimeString	11 years ago
m4	Prelude plugin: add detection in configure script	16 years ago
qa	hyperscan: add DrMemory suppressions	10 years ago
rules	rules: add rules for TLS SNI app layer events	10 years ago
scripts	app-layer setup scripts: enable new modules on copy	10 years ago
src	detect: per port and proto rule grouping	10 years ago
.gitignore	unittest: make check use a qa/log dir for logging	13 years ago
.travis.yml	travis: set CFLAGS to error on cc warnings	10 years ago
COPYING	GPL license sync with official gpl-2.0.txt	10 years ago
ChangeLog	Update Changelog for 3.0.1	10 years ago
LICENSE	GPL license sync with official gpl-2.0.txt	10 years ago
Makefile.am	build: install app-layer-events.rules	10 years ago
Makefile.cvs	Initial add of the files.	17 years ago
acsite.m4	Added C99 defs/macros to acsite.m4 for CentOS	17 years ago
autogen.sh	OpenBSD 5.2 build fixes, Unit test fix.	13 years ago
classification.config	Import of classification.config	16 years ago
config.rpath	Add file needed for some autotools version.	13 years ago
configure.ac	Open Suricata 3.1 development branch	10 years ago
doxygen.cfg	doxygen: add source browser	12 years ago
reference.config	Update reference.config	11 years ago
suricata.yaml.in	mpm: remove obsolete mpm algos	10 years ago
threshold.config	threshold: improve comments of shipped threshold.config, add links to wiki.	13 years ago