Open Information Security Foundation

Today

06:29 AM Suricata Feature #6695: tls: log extensions

Okay, I have a patch for the client part, I will make the PR shortly Gianni Tedesco

10/18/2024

04:02 AM Suricata Bug #4499: Sudden and enormous memory leak

I think the issue went away with some upgrade along the way. Either that or changes to config or rules (unintentional... Gianni Tedesco

08/09/2024

05:13 AM Suricata Feature #6695: tls: log extensions

I would like to add to the TLS EVE output the following fields:
1. cipher suite list to client struct
2. cipher sui... Gianni Tedesco

04/05/2024

02:42 AM Suricata Bug #6782: streaming/buffer: crash in HTTP body handling

Ran with ASAN and debug compile and got the following output, not sure much more helpful it is than previous backtrac... Gianni Tedesco

03/22/2024

08:45 AM Suricata Bug #6782: streaming/buffer: crash in HTTP body handling

A bit of extra context here. The systems this is happening on, it's happening pretty regularly (eg. every 10 minutes)... Gianni Tedesco

03/21/2024

02:44 AM Suricata Bug #6634: tls: Invalid ja3 due to double client hello

And another discrepancy, which I am not sure about and investigating a bit more is that, sometimes the EVE JSON repor... Gianni Tedesco

02:32 AM Suricata Bug #6634: tls: Invalid ja3 due to double client hello

I am also seeing a case where only two fields are being output, this also seems invalid: "771,4865-4866-4867-49195-49... Gianni Tedesco

03/18/2024

05:12 AM Suricata Feature #6379: JA4 support for TLS and QUIC

It would be good if all the fields required for JA4 can be exported in the EVE TLS event meta-data, that way JA4's (o... Gianni Tedesco

03/17/2024

11:36 AM Suricata Bug #6634: tls: Invalid ja3 due to double client hello

Can confirm we are seeing exactly this problem on approx 0.005% of TLS sessions Gianni Tedesco

02/15/2024

01:30 PM Suricata Bug #6782: streaming/buffer: crash in HTTP body handling

Ran with: ... Gianni Tedesco