- Registered on: 03/22/2017
- Last connection: 04/14/2018
- 07:59 PM Suricata Feature #2488 (New): HTML Parsing / Buffers
- We write a lot of signatures on the contents of html in file_data. It would be awesome to be able to do some parsing/...
- 07:46 PM Suricata Feature #2283: turn content modifiers into 'sticky buffers'
- After some time thinking about this, perhaps the initial 'http_' portion of the buffer name is not needed?
- 06:53 PM Suricata Feature #2487 (New): Buffers for field/value pairs in http_uri and http_client_body
- We've found http_header_names to be one of our favorite new 4.0 buffers and would like to see if we could carry over ...
- 06:43 PM Suricata Feature #2486 (Assigned): prefilter/fast_pattern logic for flowbits
- It would be useful to have a way to indicate that a rule with a flowbit check should only be checked in the event tha...
- 07:22 PM Suricata Bug #2479 (New): http_cookie negation fails if no cookie in traffic
- Given the below example rule where we are looking for a HTTP POST with a http_cookie negation:...
- 06:27 PM Suricata Support #2401: Detect last CPU's vulnerabilities
The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this i...
- 12:58 PM Suricata Feature #2332 (Closed): Support for common http response headers - Location and Server
- It would be useful to have these as sticky buffers
Given the following headers...
> HTTP/1.1 302 Moved Temporar...
- 10:41 AM Suricata Feature #2283: turn content modifiers into 'sticky buffers'
- 1. flip the proto to the end
- this complicates the naming a little
- breaks the current "proto_buffer"; naming ...
- 10:34 AM Suricata Feature #2287 (Rejected): force lowercase on dns_query buffer
- Suricata currently forces lowercase on http_host, should lowercase also be applied here?
- 02:27 PM Suricata Bug #2205: Buffer confusion with fast_pattern:only;
- was able to confirm this behavior earlier today
Also available in: Atom