Actions
Task #6443
openUpdated by Philippe Antoine 12 months ago
- Related to Feature #1199: protocol: LDAP support added
Updated by Philippe Antoine 12 months ago
- Related to Task #5682: tracking: smb performance issues added
Updated by Philippe Antoine 12 months ago
- Related to Optimization #5679: tracking: useful log output added
Updated by Philippe Antoine 12 months ago
- Related to Feature #5665: rules: bidirectional transaction matching added
Updated by Philippe Antoine 12 months ago
- Related to Feature #5664: "Scope" bits should have an expiration added
Updated by Philippe Antoine 12 months ago
- Related to Feature #2772: Add MPLS labels to alert output added
Updated by Philippe Antoine 12 months ago
- Related to Feature #5675: protocol: MMS SCADA support added
Updated by Philippe Antoine 12 months ago
- Related to Feature #5642: DNS: parity between log fields and detection added
Updated by Philippe Antoine 12 months ago
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Updated by Philippe Antoine 12 months ago
HTTP/3 : no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Updated by Philippe Antoine 12 months ago
Philippe Antoine wrote in #note-11:
HTTP/3 : no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Frames support can be an alternative to a new keyword
Updated by Philippe Antoine 12 months ago
file.data does not work for SMTP body, SMTP body should be treated as a file
Updated by Philippe Antoine 12 months ago
- Related to Feature #5773: Support DNS over HTTPS (DoH) added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Task #4143: tracking: file.data improvements added
Updated by Philippe Antoine 12 months ago
Clarify the doc between ftp and ftp-data abilities
Updated by Philippe Antoine 12 months ago
- Related to Feature #6206: Investigate a more intuitive use of the timestamp field in traffic/metadata events added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword added
Updated by Philippe Antoine 12 months ago
- Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
Updated by Philippe Antoine 12 months ago
Domain name can be in DNS names, HTTP host or TLS sni based on the networks that do not have all these traffics
Updated by Philippe Antoine 12 months ago
Add client certificates information in output
Already done in suricata 7
Updated by Philippe Antoine 12 months ago
- Related to Task #2167: tracking: eve enhancements added
Updated by Philippe Antoine 12 months ago
fileinfo event could hav the name of the file being stored on disk
Updated by Philippe Antoine 12 months ago
Have a version field for each event ?
Updated by Philippe Antoine 12 months ago
- Related to Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule added
Updated by Victor Julien 12 months ago
- Related to Feature #6453: Support DNS over TLS added
Updated by Victor Julien 12 months ago
- Related to Feature #4853: eve: Add information about Suricata version added
Updated by Jason Ish 12 months ago
- Related to Feature #6296: smtp: BDAT chunking support incl MIME parsing added
Updated by Jason Ish 12 months ago
- Related to Task #4380: tracking: improvements to bits, ints, vars added
Updated by Philippe Antoine 12 months ago
- Related to Feature #6456: output: binary logging added
Updated by Philippe Antoine 12 months ago
- Related to Feature #6457: eve: configurable list of fields in output added
Updated by Victor Julien 12 months ago
- Related to Documentation #6071: eve/schema: add descriptions to the schema added
Updated by Jason Ish 12 months ago
- Related to Task #3299: tracking: Add support for industrial protocol added
Updated by Jason Ish 12 months ago
- Related to Feature #6464: protocol: profibus added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
Updated by Philippe Antoine 12 months ago
- Related to Feature #5838: dpdk: NIC encapsulation stripping added
Updated by Jason Ish 12 months ago
- Related to Feature #6465: multi-tenant: support vxlan as a selector added
Updated by Jason Ish 12 months ago
- Related to Feature #6466: multi-tenant: support mpls as a selector added
Updated by Jason Ish 12 months ago
- Related to Feature #6467: flow tracking: add other parameters to flow tracking added
Updated by Philippe Antoine 12 months ago
- Related to Feature #6472: HTTP/3 support added
Updated by Victor Julien 12 months ago
- Related to Task #6473: detect: smtp keyword coverage added
Updated by Jason Ish 12 months ago
- Related to Task #6476: ftp: parity of logging and detection buffers added
Updated by Victor Julien 12 months ago
- Related to Feature #6198: Feature Request: Add "SMTP" keywords for use in rules added
Updated by Jason Ish 12 months ago
- Related to Feature #4876: Additional FTP Buffers added
Updated by Philippe Antoine 12 months ago
- Related to Feature #3260: SMTP Base64 Decoding of Message Body added
Updated by Philippe Antoine 12 months ago
- Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added
Updated by Philippe Antoine 12 months ago
- Related to Documentation #6478: schema: add missing fields added
Updated by Victor Julien 12 months ago
- Related to Feature #5489: research: multi version rules; or version dependent rules added
Updated by Philippe Antoine 12 months ago
- Related to Feature #6290: support case insensitive testing of HTTP header name existence added
Updated by Philippe Antoine 12 months ago
detecting bad capture
unidirectional, encapsulation, duplicate packets...
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Feature #5816: Exception policy stats counters added
Updated by Philippe Antoine 12 months ago
- Related to Feature #6482: Deployment: detect if capture is good enough added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Feature #5681: datasets: add more transform layers to match on domains added
Updated by Philippe Antoine 12 months ago
it would great to find a way to reduce impact of inspection on throughput performance. i.e. let’s say throughput is 5 gig on a box but once Suricata is enabled it drops to a bit over 1 gig.
Updated by Philippe Antoine 12 months ago
doc/release: include a delta of changes to suricata.yaml
@Jason Ish just said he will create a ticket for this
Updated by Philippe Antoine 12 months ago
performance: Where do the packets get dropped ?
Updated by Philippe Antoine 12 months ago
- Related to Task #5666: rules: help to visualize how a Suricata rule matches (different contents/offsets) added
Updated by Victor Julien 12 months ago
- Related to Feature #5206: Buffer Dump Utility added
Updated by Philippe Antoine 12 months ago
- Related to Feature #2695: websocket support added
Updated by Philippe Antoine 12 months ago
- Related to Feature #4776: lua: vendor latest lua stable added
Updated by Jason Ish 12 months ago
- Related to Feature #4775: lua: overhaul lua support added
Updated by Jason Ish 12 months ago
- Related to Feature #4777: lua: implement sandboxing added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Documentation #6484: userguide: add keyword performance results added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Task #6485: [investigate] Scoring method for keywords and transforms added
Updated by Philippe Antoine 12 months ago
- Related to Bug #6394: Sudden increase in capture.kernel_drops and tcp.pkt_on_wrong_thread after upgrading to 6.0.14 added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Documentation #6486: userguide: explain pkt_on_wrong_thread counter added
Updated by Philippe Antoine 12 months ago
- Related to Bug #5220: fast_pattern specification in base64_data shouldn't be allowed added
Updated by Jason Ish 12 months ago
- Related to Feature #6487: transform: from_base64 added
Actions