suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Ticket: [#7587](https://redmine.openinfosecfoundation.org/issues/7587) ### Description: - Implement ``email.body_md5`` keyword. ### Changes: - clean git history SV_BRANCH=https://github.com/OISF/suricata-verify/pull/2560 Previous PR: https://github.com/OISF/suricata/pull/13435
Issue: 6357 Link to ticket: https://redmine.openinfosecfoundation.org/issues/6357 Describe changes: - Extend analyzer match output with `dsize` value information. ### Provide values to any of the below to override the defaults. -...
Continuation of #13445 Extend engine analysis output with ICMP `icode` information. Link to ticket: https://redmine.openinfosecfoundation.org/issues/6359 Describe changes: - Add utility function to JSONify U8 types - Add `icode` value to...
A flow with IPv4 IP in IP traffic won't handle this tunneling case properly. This leads to potential malicious traffic not triggering alerts, as well as other inaccuracies in the...
Not entirely sure about this one. Not very well documented, sadly. Let's see what QA says.
Under some cases (below), the depth and offset values are used twice. This commit disregards the distance variable (if any), when computing the final depth. These rules are logically equivalent:...
Replaces: #13401 Changes since v1: - Allowed `max-dump` to be set to 0, and correctly apply a core dump limit of 0. - Updated the unit test to reflect this...
This situation was indicated in a suricata-verify test, but not in our docs. Related to Bug #2094 Link to ticket: https://redmine.openinfosecfoundation.org/issues/ Describe changes: - Add explanation present in test https://github.com/OISF/suricata-verify/pull/2467#discussion_r2060879328...
Link to ticket: https://redmine.openinfosecfoundation.org/issues/ https://redmine.openinfosecfoundation.org/issues/7674 Describe changes: - on top of https://github.com/OISF/suricata/pull/13302 - introduces configurable tunnel_id to distinguish same-looking (same 5-tuple) flows encapsulated in different tunnels - adds a config...
Link to ticket: https://redmine.openinfosecfoundation.org/issues/ https://redmine.openinfosecfoundation.org/issues/7717 Describe changes: - Treat vxlan as its own tunnel in order to be able to log ARP over VXLAN - ebpf: check maps compatibility (and...