suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Use the lzma-rs crate for decompressing swf/lzma files instead of the lzma decompressor in libhtp. This decouples suricata from libhtp except for actual http parsing, and means libhtp no longer...
Previous PR: #7661 Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5458 Changes from last PR: - Added two unittests to check for correct packet-action flags after signature matching Thoughts: - should more unittests...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5381 Describe changes: - bring commandline option for simulation of the alert queue reallocation failure to 6.0.x - typo fixes
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5455 Describe changes: - ikev1 : log fields from transaction instead of fields from state Replaces #7668 with using u64 instead of usize
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5207 **Note:** This branch has a known failure and is just for an intermediary review. The work is yet to be completed and tested. Known issue...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/4386 Describe changes: - Backport of #6670 (only first 2 commits, last commit is more code style) Clean cherry-picks except `#include "rust.h"` was needed in addition
This PR adds a transform for base64 encoded data. Here's a rule showing the transform: ``` alert http any any -> any any (msg:"from_base64 transform"; flow:established,from_server; http.response_body; from_base64; content: "This...
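To make the rule above concrete, here is an added example (not code from the PR or from Suricata) that models what a `from_base64` transform does in the detection pipeline: the sticky buffer (here the HTTP response body) is decoded first, and only the decoded bytes are searched for the `content`. The sample bodies, the `from_base64`, `rule_matches` and `evaluate_samples` names, and the choice to treat undecodable input as a non-match with strict RFC 4648 decoding are all assumptions of this example, not the engine's documented behaviour.

```python
import base64
import binascii
from typing import Callable, Dict, Optional

# Constructed sample HTTP response bodies (not captured traffic, not from the page).
# "base64_hit" is what a rule with from_base64 should catch; the other two are controls.
SAMPLE_BODIES: Dict[str, bytes] = {
    "base64_hit": base64.b64encode(b"This is a base64 payload"),
    "plain_miss": b"This is a base64 payload",
    "garbage": b"not base64 at all !!!",
}

# The content the example rule looks for after the transform, i.e. the role of
# `content:"This..."` in the rule above.
RULE_CONTENT = b"This is a base64"

Transform = Callable[[bytes], Optional[bytes]]


def from_base64(buf: bytes) -> Optional[bytes]:
    """Model of a from_base64 transform (assumption, not Suricata's code).

    Strict decoding: any character outside the base64 alphabet, or bad padding,
    makes the buffer undecodable, and the transform yields nothing to match on.
    """
    try:
        return base64.b64decode(buf, validate=True)
    except (binascii.Error, ValueError):
        return None


def rule_matches(body: bytes, content: bytes, transforms: tuple = ()) -> bool:
    """Apply the transforms in order to the buffer, then do the content match.

    An empty `transforms` tuple models the same rule without `from_base64`, which
    would search the raw (still encoded) body.
    """
    buf: Optional[bytes] = body
    for transform in transforms:
        buf = transform(buf)
        if buf is None:
            # Transform failed (e.g. invalid base64): no decoded buffer, so no match.
            return False
    return content in buf


def evaluate_samples() -> Dict[str, bool]:
    """Run the transformed rule over every sample body; returns name -> matched."""
    return {
        name: rule_matches(body, RULE_CONTENT, transforms=(from_base64,))
        for name, body in SAMPLE_BODIES.items()
    }


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name}: {'alert' if hit else 'no match'}")
    # Same rule without the transform: the encoded body does not contain the plaintext.
    print("raw match on encoded body:", rule_matches(SAMPLE_BODIES["base64_hit"], RULE_CONTENT))
```

The point the example makes is that the transform changes which bytes the `content` is compared against: the encoded body only alerts once `from_base64` is in the rule, while a body that merely contains the plaintext, or junk that is not base64, does not alert through the transformed path.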
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/1125 Describe changes: - smtp : adds server side detection - ftp : adds server side detection The most special trick is that the (server) probing...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5456 Describe changes: - detect: checks config keyword in cleanup
Continuation of #7660 Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [#2871](https://redmine.openinfosecfoundation.org/issues/2871) Describe changes: - Allow lua match scripts to access variables defined in rule by byte_extract or byte_math Updates - Rebase. suricata-verify-pr: 899...