suricata
suricata copied to clipboard
OISF
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Make sure these boxes are signed before submitting your Pull Request -- thank you. - [X] I have read the contributing guide lines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing - [X] I have signed...
This patchset proposes an alternative to filemagic as it has multiple issues: - filemagic is known for bad performance - database is not consistent between system - results are sometime...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/4985 Describe changes: - quic: add frames support I still do not understand the benefit of frames for protocols over UDP... What am I missing ?...
Parses and logs the bittorrent-dht protocol. Feature: https://redmine.openinfosecfoundation.org/issues/3086 Previous PR: https://github.com/OISF/suricata/pull/7731 Changes since last PR: - parse value lists into a list of peer data structures - add nodes6 parsing...
This fixes issue 4759. The problem is, that when tcp rules are active in case of a tcp dns connection first the server to client is inspected and nothing found....
#7794 on top #7793 Tickets: https://redmine.openinfosecfoundation.org/issues/5191 https://redmine.openinfosecfoundation.org/issues/1096 https://redmine.openinfosecfoundation.org/issues/5183 https://redmine.openinfosecfoundation.org/issues/5481 suricata-verify-pr: 911
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/3487 Describe changes: - convert HTTP to use new rust mime parser This is a draft to run CI, share work and get feedback :-) Follows...
Metadata keyword in signatures can have any key defined so we should allow them. Make sure these boxes are signed before submitting your Pull Request -- thank you. - [x]...
Continuation of #7785 This PR extends Suricata's support for VLANs from 2 to 3 levels. There is no standard for 3 levels of VLANs but 3 levels are not uncommon...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5205 Describe changes: - Adds an option `ftp-hash` for `autofp-scheduler` : like `hash` except for FTP-ish flows No S-V test as this is about a concurrency...