Open Information Security Foundation

12/18/2019

02:00 PM Suricata Bug #3354: eve-log dns (possibly others) alerts miss metadata for all but first packet

I'm not sure if the correct fix would be to add looking up TX like we do in stateless sigs at https://github.com/OISF... Antti Tönkyrä

11/24/2019

11:03 AM Suricata Bug #3354: eve-log dns (possibly others) alerts miss metadata for all but first packet

Sure, https://github.com/OISF/suricata-verify/pull/160 Antti Tönkyrä

11/21/2019

12:52 PM Suricata Bug #3354 (Feedback): eve-log dns (possibly others) alerts miss metadata for all but first packet

It looks like eve-log alerts are slightly broken/miss metadata for DNS (might affect other protocols too).
I thin... Antti Tönkyrä

07/10/2019

11:36 PM Suricata Bug #2490: Filehash rule does not fire without filestore keyword

Okay verified the same behavior on freshly compiled 4.1.4 too. Antti Tönkyrä

11:28 PM Suricata Bug #2490: Filehash rule does not fire without filestore keyword

Thanks for looking at this, I re-tested this and looks like problem is present in at least in 4.0.4. I can try to tes... Antti Tönkyrä

04/16/2018

11:04 AM Suricata Bug #2490: Filehash rule does not fire without filestore keyword

Oops, missed the actual commands leading to the with-filestore execution:... Antti Tönkyrä

11:01 AM Suricata Bug #2490 (Closed): Filehash rule does not fire without filestore keyword

I was testing some filehash rules and encountered an issue where suricata alert does not fire without filestore keywo... Antti Tönkyrä

04/07/2017

07:43 AM Suricata Bug #2090: Rule-reload in multi-tenancy is buggy

suricata.log when run with -vv... Antti Tönkyrä

06:37 AM Suricata Bug #2090: Rule-reload in multi-tenancy is buggy

From debian sources, detect-engine.c:1228 looks to be... Antti Tönkyrä

06:22 AM Suricata Bug #2090 (Closed): Rule-reload in multi-tenancy is buggy

Observed version 3.2.1-1 (Debian Stretch)
I have observed several failure cases when performing rule reloads in mu... Antti Tönkyrä