suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Results 352 suricata issues

Make sure these boxes are signed before submitting your Pull Request -- thank you. - [x] I have read the contributing guidelines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html - [x] I have signed...

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/3836 Describe changes: - format rust code #10088 with rebase @jasonish if I understand correctly, the question with this is if the C code should be...

needs rebase

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5773 Describe changes: - analyze DNS over HTTP2 `SV_BRANCH=pr/1573` https://github.com/OISF/suricata-verify/pull/1573 Draft to get feedback about approach... Leaving comments on the code for specific questions...

needs rebase

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1616 https://redmine.openinfosecfoundation.org/issues/6553

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5816 Previous PR: https://github.com/OISF/suricata/pull/10264 **Disclaimer:** this code triggers a `stack use after scope` error related, I think, to how I'm trying to "automate" the counter ids...

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/2224 https://redmine.openinfosecfoundation.org/issues/6629 https://redmine.openinfosecfoundation.org/issues/6575 Describe changes: - detect: negated content matches on absent buffer - detect: adds `absent` keyword to match on absent buffer - detect: unify...

needs rebase

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/4777 Describe Changes: Add sandboxing support for lua detection scripts to avoid memory\cpu overruns and os interaction Fixes CI issue in https://github.com/OISF/suricata/pull/10272 Includes pending PR https://github.com/OISF/suricata/pull/10263

Previously pseudopackets were assigned with ACK flag which falsely turned "NEW" or "SYN" flows to "SYN/ACK" flows especially when Suricata ran with content-matching rules. Ticket: #6733 https://redmine.openinfosecfoundation.org/issues/6733 SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1630

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/4921 Describe changes: - detect: app-layer-protocol keyword with modes Allows especially to consider the final protocol to write rules like `alert tcp any any -> any...

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/2881 Describe changes: - configures libhtp to allow spaces in URIs #9843 rebased https://github.com/OISF/suricata-verify/pull/1483 `SV_BRANCH=pr/1483`