- Login: jae
- Registered on: 03/22/2017
- Last connection: 11/03/2020
- 04:10 PM Suricata Feature #3688: Re-implement fast_pattern:only; in some way
- Victor Julien wrote in #note-1:
> @http.user_agent; content:"test"; startswith;@ is essentially the same as @http.us...
- 05:43 PM Suricata Feature #3688 (Feedback): Re-implement fast_pattern:only; in some way
- I've been working on updating the Suricata 5 ET/ETPRO set over the past few weeks to proper notation and it is very a...
- 11:23 PM Suricata Bug #3505 (Closed): Negations on contents within the http_cookie buffer causes FN if no http_cookie is present
- For the below http request:
> POST /wp-content/uploads/2020/02/phish/phish/process1.php HTTP/1.1
- 10:45 PM Suricata Feature #3494: rules: Keyword for determining if the http_host is an ip address
- I typo'd the pcre from memory, but you know what i mean...
- 10:43 PM Suricata Feature #3494 (New): rules: Keyword for determining if the http_host is an ip address
- In the ET ruleset in order to express the fact that http communications are going to an IP address rather than a host...
- 07:59 PM Suricata Feature #2488 (New): HTML Parsing / Buffers
- We write a lot of signatures on the contents of html in file_data. It would be awesome to be able to do some parsing/...
- 07:46 PM Suricata Feature #2283: turn content modifiers into 'sticky buffers'
- After some time thinking about this, perhaps the initial 'http_' portion of the buffer name is not needed?
- 06:53 PM Suricata Feature #2487 (New): Buffers for field/value pairs in http_uri and http_client_body
- We've found http_header_names to be one of our favorite new 4.0 buffers and would like to see if we could carry over ...
- 06:43 PM Suricata Feature #2486 (Assigned): prefilter/fast_pattern logic for flowbits
- It would be useful to have a way to indicate that a rule with a flowbit check should only be checked in the event tha...
- 07:22 PM Suricata Bug #2479 (New): http_cookie negation fails if no cookie in traffic
- Given the below example rule where we are looking for a HTTP POST with a http_cookie negation:...
Also available in: Atom