Profile

Jason Williams

  • Registered on: 03/22/2017
  • Last connection: 04/14/2018

Activity

04/14/2018

07:59 PM Suricata Feature #2488 (New): HTML Parsing / Buffers
We write a lot of signatures on the contents of html in file_data. It would be awesome to be able to do some parsing/...
07:46 PM Suricata Feature #2283: turn content modifiers into 'sticky buffers'
After some time thinking about this, perhaps the initial 'http_' portion of the buffer name is not needed?
our ru...
06:53 PM Suricata Feature #2487 (New): Buffers for field/value pairs in http_uri and http_client_body
We've found http_header_names to be one of our favorite new 4.0 buffers and would like to see if we could carry over ...
06:43 PM Suricata Feature #2486 (New): prefilter/fast_pattern logic for flowbits
It would be useful to have a way to indicate that a rule with a flowbit check should only be checked in the event tha...

04/05/2018

07:22 PM Suricata Bug #2479 (New): http_cookie negation fails if no cookie in traffic
Given the below example rule where we are looking for a HTTP POST with a http_cookie negation:...

01/20/2018

06:27 PM Suricata Support #2401: Detect last CPU's vulnerabilities
Roman,
The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this i...

12/04/2017

12:58 PM Suricata Feature #2332 (Assigned): Support for common http response headers - Location and Server
It would be useful to have these as sticky buffers
Given the following headers...
> HTTP/1.1 302 Moved Temporar...

11/20/2017

10:41 AM Suricata Feature #2283: turn content modifiers into 'sticky buffers'
1. flip the proto to the end
- this complicates the naming a little
- breaks the current "proto_buffer" naming ...
10:34 AM Suricata Feature #2287 (Rejected): force lowercase on dns_query buffer
Suricata currently forces lowercase on http_host, should lowercase also be applied here?

08/29/2017

02:27 PM Suricata Bug #2205: Buffer confusion with fast_pattern:only;
was able to confirm this behavior earlier today
