David Wharton - Open Information Security Foundation

David Wharton

Login: dwharton
Registered on: 03/16/2013
Last sign in: 01/06/2021

Issues

	open	closed	Total
Assigned issues	0	0	0
Reported issues	5	8	13

Activity

01/06/2021

04:14 AM Suricata Bug #4225: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode: I was about to report this but Brandon beat me to it.
When Suricata starts in socket mode, OutputAnomalyLoggerEnab... David Wharton

02/12/2020

03:24 AM Suricata Bug #3467 (Closed): Alert metadata not present in EVE output when using Socket Control Pcap Processing Mode: Suricata has long supported the "metadata" keyword in rules and since version 4.1, has included the metatdata informa... David Wharton

01/26/2020

06:39 AM Suricata Bug #3448 (Closed): Suricata 4.1 Seg Fault: Socket Control pcap-file and corrupt pcap: Suricata 4.1 (tested on 4.1.5 and 4.1.6) seg faults when using socket control, and sending the "pcap-file" command wi... David Wharton

01/06/2020

07:24 PM Suricata Bug #3436 (New): Suricata Socket Control crashing using command 'reopen-log-files': Creating per Victor's request.
Suricata is core dumping and seg faulting when calling the socket control command "... David Wharton

03/21/2019

12:21 PM Suricata Support #2890: HTTP alert isn't triggered when writing ".." as part of the scanned URI: This isn't a bug, it is expected and desired behavior.
The 'http_uri' buffer is a normalized buffer which means th... David Wharton

11/17/2018

12:44 AM Suricata Feature #2689: http: Normalized HTTP client body buffer: This could possibly be implemented as a transform but seems more natural to treat similar to the http_uri normalized ... David Wharton
12:23 AM Suricata Feature #2689 (Closed): http: Normalized HTTP client body buffer: Currently the 'http_uri' buffer is normalized. This is a request to extend the same normalization (URI decode) to th... David Wharton

11/12/2018

02:29 PM Suricata Feature #2670 (Closed): tls_cert sticky buffer: *Feature Request:*
_tls_cert_ sticky buffer for the entire parsed out SSL certificate.
*Notes:*
* Similar to o... David Wharton
02:13 PM Suricata Feature #1249: http/dns ip-reputation alike technique: I agree that having DNS Reputation would be valuable. It could be called "dnsrep" since it would be like iprep but f... David Wharton

09/12/2018

02:46 PM Suricata Feature #2311: math on extracted values: While Suricata has matured to the point where it should be defining IDS rule capabilities instead of reacting to othe... David Wharton

Also available in: Atom