Open Information Security Foundation

02/06/2018

04:45 AM Suricata Feature #2343: Add "flush" command to unix socket

I've tested some scenarios in order to understand the behavior.
First I want to explain my test setup:
In order t... Chris Knott

12/08/2017

11:21 AM Suricata Feature #2343 (New): Add "flush" command to unix socket

If network data is not sent continuously onto a live traffic capturing interface it can be, that some flow informatio... Chris Knott

11:09 AM Suricata Feature #2342 (New): Write PCAP files directly to Unix Socket

In addition to the current behavior of the unix socket interface where PCAP files can be registered for processing by... Chris Knott

12/01/2017

04:29 AM Suricata Optimization #2272: Analyze DNS response if query is not present

My suggestion would be that single sided DNS should work if, in the "stream" section of the configuration, "midstream... Chris Knott

11/16/2017

03:47 PM Suricata Optimization #2272 (Rejected): Analyze DNS response if query is not present

A DNS event should be logged in the eve.json file if the DNS response is available in the packet stream only (meaning... Chris Knott

04/12/2017

09:18 AM Suricata Bug #2094 (New): luajit: SCFlowvarGet always returns null

Scenario: I want to manipulate a flow variable that I've extracted with a PCRE with a Lua script. Whenever I call the... Chris Knott