Open Information Security Foundation

08/27/2024

08:15 PM Suricata Bug #7199: Suricata 7 no longer logging app-layer metadata in alerts

@catenacyber We need a "catch-all" default reject rule for all the IP traffic that is not covered by the protocol-spe... Antonin Bas

06:36 PM Suricata Bug #7199: Suricata 7 no longer logging app-layer metadata in alerts

Thanks for the replies.
@catenacyber Changing the rule to an http rule and adding the `dsize: >0` matcher didn't c... Antonin Bas

08/06/2024

09:55 PM Suricata Bug #7199: Suricata 7 no longer logging app-layer metadata in alerts

Sorry for the additional update.
My guess is that because there is no match on any http attribute, the alert doesn't ... Antonin Bas

08:54 PM Suricata Bug #7199: Suricata 7 no longer logging app-layer metadata in alerts

I changed the action from "reject" to "alert" in my rule, and the behavior is the same: no app-layer (http) metadata ... Antonin Bas

02:48 AM Suricata Bug #7199 (New): Suricata 7 no longer logging app-layer metadata in alerts

After upgrading from Suricata 6 to 7, alerts in the eve JSON output no longer seem to include app-layer metadata.
Th... Antonin Bas

02/02/2023

10:10 PM Suricata Bug #5847: ppa:oisf/suricata-6.0 broken for arm64

Thanks for the quick action.
I can confirm that the issue was been resolved.
I am not able to close this issue myse... Antonin Bas

09:24 PM Suricata Bug #5847 (Closed): ppa:oisf/suricata-6.0 broken for arm64

The ppa:oisf/suricata-6.0 repository is currently broken for the arm64 architecture. It was updated recently and that... Antonin Bas