Antti Tönkyrä

Activity

12/18/2019

02:00 PM Suricata Bug #3354: eve-log dns (possibly others) alerts miss metadata for all but first packet
I'm not sure if the correct fix would be to add looking up TX like we do in stateless sigs at https://github.com/OISF...
Antti Tönkyrä

11/24/2019

11:03 AM Suricata Bug #3354: eve-log dns (possibly others) alerts miss metadata for all but first packet
Sure, https://github.com/OISF/suricata-verify/pull/160
Antti Tönkyrä

11/21/2019

12:52 PM Suricata Bug #3354 (Feedback): eve-log dns (possibly others) alerts miss metadata for all but first packet
It looks like eve-log alerts are slightly broken/miss metadata for DNS (might affect other protocols too).
I thin...
Antti Tönkyrä

07/10/2019

11:36 PM Suricata Bug #2490: Filehash rule does not fire without filestore keyword
Okay verified the same behavior on freshly compiled 4.1.4 too.
Antti Tönkyrä
11:28 PM Suricata Bug #2490: Filehash rule does not fire without filestore keyword
Thanks for looking at this, I re-tested this and it looks like the problem is present in at least 4.0.4. I can try to tes...
Antti Tönkyrä

04/16/2018

11:04 AM Suricata Bug #2490: Filehash rule does not fire without filestore keyword
Oops, missed the actual commands leading to the with-filestore execution:...
Antti Tönkyrä
11:01 AM Suricata Bug #2490 (Closed): Filehash rule does not fire without filestore keyword
I was testing some filehash rules and encountered an issue where suricata alert does not fire without filestore keywo...
Antti Tönkyrä

04/07/2017

07:43 AM Suricata Bug #2090: Rule-reload in multi-tenancy is buggy
suricata.log when run with -vv...
Antti Tönkyrä
06:37 AM Suricata Bug #2090: Rule-reload in multi-tenancy is buggy
From debian sources, detect-engine.c:1228 looks to be...
Antti Tönkyrä
06:22 AM Suricata Bug #2090 (Closed): Rule-reload in multi-tenancy is buggy
Observed version 3.2.1-1 (Debian Stretch)
I have observed several failure cases when performing rule reloads in mu...
Antti Tönkyrä
