https://redmine.openinfosecfoundation.org/
2021-07-08T13:46:23Z
Open Information Security Foundation
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=20317
2021-07-08T13:46:23Z
Jeff Lucovsky
<p>In addition, there's an additional detect event not handled properly -- events set with <code>DetectEngineSetEvent</code> are effectively ignored.<br /><pre>
$ gg DetectEngineSetEvent
src/detect-engine.c:1035: DetectEngineSetEvent(det_ctx, DETECT_EVENT_TOO_MANY_BUFFERS);
src/detect-engine.c:4243:void DetectEngineSetEvent(DetectEngineThreadCtx *det_ctx, uint8_t e)
src/detect.h:1498:void DetectEngineSetEvent(DetectEngineThreadCtx *det_ctx, uint8_t e);
src/util-file-decompression.c:95: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_INVALID_SWF_LENGTH);
src/util-file-decompression.c:111: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_INVALID_SWF_VERSION);
src/util-file-decompression.c:117: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_INVALID_SWF_VERSION);
src/util-file-decompression.c:134: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_NO_MEM);
src/util-file-swf-decompression.c:105: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_Z_DATA_ERROR);
src/util-file-swf-decompression.c:109: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_Z_STREAM_ERROR);
src/util-file-swf-decompression.c:113: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_Z_BUF_ERROR);
src/util-file-swf-decompression.c:117: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_Z_UNKNOWN_ERROR);
src/util-file-swf-decompression.c:146: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_FORMAT_ERROR);
src/util-file-swf-decompression.c:151: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_DECODER_ERROR);
src/util-file-swf-decompression.c:168: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_MEMLIMIT_ERROR);
src/util-file-swf-decompression.c:172: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_OPTIONS_ERROR);
src/util-file-swf-decompression.c:176: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_DATA_ERROR);
src/util-file-swf-decompression.c:180: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_BUF_ERROR);
src/util-file-swf-decompression.c:184: DetectEngineSetEvent(det_ctx, FILE_DECODER_EVENT_LZMA_UNKNOWN_ERROR);
</pre></p>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=20803
2021-10-03T12:26:10Z
Jeff Lucovsky
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>In Review</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata/pull/6435">https://github.com/OISF/suricata/pull/6435</a></p>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=21569
2021-12-11T14:23:12Z
Jeff Lucovsky
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-1 status-7 priority-4 priority-default child" href="/issues/4898">Bug #4898</a>: detect: Ensure detection events are logged</i> added</li></ul>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=25078
2022-10-25T09:28:23Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>7.0.0-beta1</i> to <i>7.0.0-rc1</i></li></ul>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=25303
2022-11-01T18:56:47Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Subtask</strong> <i>#4898</i> added</li></ul>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=26616
2023-01-30T08:31:43Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>7.0.0-rc1</i> to <i>8.0.0-beta1</i></li></ul>
Suricata - Bug #4482: detect: detect events not in rules, not tested (and not working?)
https://redmine.openinfosecfoundation.org/issues/4482?journal_id=27659
2023-04-27T15:20:57Z
Philippe Antoine
<p>Indeed, <code>DetectEngineGetEvents</code> seems unused.</p>
<p>Is there a ticket for swf obsolescence?</p>