Jason Ish

Results 56 issues of Jason Ish

This is based on https://github.com/OISF/suricata/pull/10681, but provides an example of what could be a common library user example where the user just wants to provide a custom capture method, and...

Rename the following abuse.ch rulesets:
- sslbl/ssl-fp-blacklist -> abuse.ch/ssl-blacklist
- sslbl/ja3-fingerprints -> abuse.ch/ja3-blacklist

This keeps the old entries around to keep compatibility with older versions of suricata-update, but marks them...

Rebase of https://github.com/OISF/suricata-verify/pull/1487. First, if doing `run.py pattern` consider the directories to the test as part of the test name. For example you might have a directory `foobar` with tests...

framework

Test that SMB that is seen in the wrong direction (requests from server to client, and replies from client to server) alert. Requires Suricata PR https://github.com/OISF/suricata/pull/7084 as well as some...

requires suricata fix

Example:
```
requires:
  features:
    - -HAVE_LUA
```
would require that Suricata does not have Lua support.

Test for correct behavior when a Lua rule crashes. On crash, a Lua script should not result in a match when negation is applied. Also test for: - error stat...

If a rule script crashed, the return value was treated as a no match. This would make a negation of the rule match and alert. Instead cleanup and exit early...

- Fix YAML loading for latest Python versions.
- Add "rev" to generated http rules.
- Regen rules.

Taking a quick look at your rules I see that you are using the local *sid* space. Before considering these rules for the Suricata Rule Index (https://github.com/OISF/suricata-intel-index), they should use...

Rebase of https://github.com/OISF/suricata/pull/10998 with all comments addressed:
- style fixups
- --disable-lua gone

Mainly pushing for QA. I have pending:
- allowlist for function instead of denylist
- replacement function...