Open Information Security Foundation

07/10/2025

03:36 AM Suricata-Update Bug #7421: parser: -s/--show-advanced option is broken

Jason Ish wrote in #note-2:
> Do we have an example here? I won't really understand the issue.
I think the proble... Shivani Bhardwaj

07/09/2025

06:33 AM Suricata Documentation #7806: Keywords missing documentation

I agree this should be fixed.
Related but not sure if helpful: we're working on adding "description" to logged fie... Shivani Bhardwaj

07/01/2025

07:00 AM Suricata Bug #7783 (Closed): smtp: incorrect inspection window

Closed by: https://github.com/OISF/suricata/pull/13550 Shivani Bhardwaj

06/20/2025

12:17 PM Suricata Bug #7772 (In Review): flowbits: no-op set and isset combinations are accepted

In Review PR: https://github.com/OISF/suricata/pull/13508 Shivani Bhardwaj

10:14 AM Suricata Bug #7783 (In Review): smtp: incorrect inspection window

In Review PR: https://github.com/OISF/suricata/pull/13505 Shivani Bhardwaj

10:06 AM Suricata Bug #7783 (Closed): smtp: incorrect inspection window

SMTP requests inspection of raw data upon a full side parsed in a transaction. This is incorrect. It should mimic wha... Shivani Bhardwaj

10:04 AM Suricata Documentation #4351 (In Review): doc: explain the engine logic to trigger inspection of TCP data

Shivani Bhardwaj

06/19/2025

08:58 AM Suricata Optimization #7775 (New): applayer: deduplicate parsers smb/dcerpc and dcerpc

There is a lot of code duplication between smb/dcerpc and the standalone dcerpc parsers that can be deduplicated. Shivani Bhardwaj

08:53 AM Suricata Bug #7774 (Assigned): flowbits: unneeded set + toggle combinations are accepted

For example, a rule like:
@alert tcp any any -> any any (msg:"set + toggle"; http.method; content:"GET"; flowbits:... Shivani Bhardwaj

08:51 AM Suricata Bug #7773 (Assigned): flowbits: no-op unset + isnotset combinations are accepted

For example, a rule like:
@alert tcp any any -> any any (msg:"unset + isnotset"; flowbits:isnotset,abc; http.metho... Shivani Bhardwaj