Open Information Security Foundation

09/28/2021

03:07 AM Suricata Bug #4715 (Feedback): pcre keyword cause more alert!

When I use the pcre keyword to detect pcap. It alerted 156 times.
@alert smb any any -> any any (msg:"smb test";pcr... albert wang

09/03/2021

06:38 AM Suricata Feature #4660 (New): base64_decode cannot be used with Transformations like pcrexform

I want to extract the regular matching content and then base64 decode it.
@alert http any any -> any any (msg:"t... albert wang

06/30/2021

06:18 AM Suricata Bug #4548 (Closed): rules: Unable to find the sm in any of the sm lists

I want to detect dns.flags.response==0 and dns.query is "test" or "abc" or "sdf".
@alert dns any any -> any any ... albert wang

06/29/2021

08:27 AM Suricata Feature #4547 (New): pcrexform not support tcp and other protocol

I want use keyword "pcrexform" to outputs the first captured expression.and use content to check. but alert "transfor... albert wang

03/16/2021

07:14 AM Suricata Bug #4399 (Rejected): use keyword ‘offset’ that cause more alert

The rules are as follows
@alert tcp any any -> any [445,135,139] (msg:"test";flow:from_client,established;content:"|... albert wang