Open Information Security Foundation

10/30/2024

09:12 AM Suricata Bug #7357: filestore keyword option seems not to work

In https://github.com/OISF/suricata-verify/pull/2111 filestore-v2.11-with-option is testing the problem. Eric Leblond

09:11 AM Suricata Bug #7356: Unexpected effect of filestore keyword

In https://github.com/OISF/suricata-verify/pull/2111 filestore-v2.10-wrong-direction is testing this problem. Eric Leblond

10/29/2024

09:19 PM Suricata Bug #7357 (In Progress): filestore keyword option seems not to work

Eric Leblond

05:24 PM Suricata Bug #7357 (In Progress): filestore keyword option seems not to work

with the same condition described in https://redmine.openinfosecfoundation.org/issues/7356, it seems we have problem ... Eric Leblond

05:20 PM Suricata Bug #7356 (New): Unexpected effect of filestore keyword

If we take the two following signatures on a pcap file where exe file are downloaded over http, then the first one (s... Eric Leblond

05:16 PM Suricata Documentation #7355 (New): Non working signatures in filestore explanation

On https://docs.suricata.io/en/latest/file-extraction/file-extraction.html
There is a series of example on the ext... Eric Leblond

10/28/2024

06:29 PM Suricata Bug #7346: eve/fileinfo: sha256 should not be logged on incomplete file

I think we can close this. Getting file even truncated for analysis is interesting.
Sorry for the noise. Eric Leblond

10/26/2024

12:07 PM Suricata Bug #7347 (In Progress): eve/alert: log file_data

As transformation occurs on stream data when it becomes file data, it may not be trivial for the analyst to understan... Eric Leblond

11:57 AM Suricata Bug #7346 (In Progress): eve/fileinfo: sha256 should not be logged on incomplete file

fileinfo contains the sha256 even if the file is incomplete. This leads to confusion as incorrect values are used.
... Eric Leblond

10/25/2024

09:44 PM Suricata Bug #7345 (In Review): build fail when only --enable-profiling-rules is used

Eric Leblond