suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5082 Describe changes: - Add new sticky buffer smb.filename to match the filenames that are being accessed by SMB through the create file request - Add...
The origin is https://github.com/OISF/suricata/pull/7385.
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5274 Describe changes: - changed Doxygen settings to enable call/er graph for static functions - disabled showing unittests in call/er graphs (only `RunUnittests` shows now) -...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5270 Describe changes: - flow: optionally use livedev for hash Should it be optional? I.e., does Suricata support having 2 interfaces monitoring the same network...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5317 Describe changes: - flow: compute stat counters again as broken by commit b3599507f4eb891841417575587d690ea13fe6c0 Variables like `FlowTimeoutCounters.clo` were always 0 and never changed. It is sad...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5205 Describe changes: - Adds an option `ftp-hash` for `autofp-scheduler` : like `hash` except for FTP-ish flows No S-V test as this is about a concurrency...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5330 Describe changes: - Use configuration value of `vlan.use-for-tracking` also for ICMPv4 flows That is use util function `CmpVlanIds` as is done in other cases Replaces...
Make sure these boxes are signed before submitting your Pull Request -- thank you. - [x] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing - [x] I have signed...
Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: None Describe changes: - Sets an event if protocol change fails (i.e. if there is already a protocol change going on) Another way to do this would...
This is a draft of a module that includes IPFire Location in suricata. The "geoip" keyword allows rule authors to detect (with a certain degree of confidence) where the source/destination...