Profile

Brandon Murphy

  • Login: zoomequipd
  • Registered on: 09/17/2019
  • Last sign in: 05/06/2024

Issues

                   open   closed   Total
Assigned issues       0        0       0
Reported issues      36       29      65

Activity

05/16/2024

12:23 PM Suricata Feature #6374: Sticky buffers for sip headers
Philippe Antoine wrote in #note-2:
> Why not a generic sip.request_header keyword ? whose buffer would be name+value...
Brandon Murphy

04/29/2024

01:36 AM Suricata Feature #6996 (New): add transformation to keyword performance stats
While working with transformations to determine how buffer selection impacted performance, I noticed that transformat...
Brandon Murphy

04/27/2024

10:05 PM Suricata Feature #6995 (New): raw option for http.request/response_header
As indicated in #6992, it appears that the http.request_header has some header normalization applied to it.
I wo...
Brandon Murphy
03:16 PM Suricata Feature #6993 (New): rule macros for commonly used logic in rules
h4. Problem Statement
The artisanal nature of rule creation often leads to variation in how a common detection log...
Brandon Murphy
02:31 PM Suricata Documentation #6992 (New): Document normalization of header name/value separator
Based on the attached pcap and associated rules, it would appear that within, at least the http.header and http.reque...
Brandon Murphy

04/20/2024

10:50 PM Suricata Bug #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present
assigning to OISF Dev
Brandon Murphy
10:31 PM Suricata Feature #6823 (Rejected): SC_WARN_POOR_RULE on to_lowercase/to_uppercase transformation with non-possible matching content
I think this might already be a thing, but not the warning, it actually doesn't load the rule...
Brandon Murphy

04/18/2024

03:43 AM Suricata Bug #6779: http.header_names behavior when encountering duplicate header names
I would think that there should be _some_ way to detect duplicate header names. But maybe that's just http.header.raw...
Brandon Murphy

04/16/2024

02:24 AM Suricata Bug #6959 (Closed): improve handling of content encoding: gzip but request_body not actually compressed
Looking for a little help here.
h3. Context
We have a rule (simplified here) designed to alert on traffic cont...
Brandon Murphy

04/11/2024

01:41 PM Suricata Feature #4226: bsize: apply as depth to patterns
Jeff Lucovsky wrote in #note-15:
> Thanks; the urilen is 42; with that change, all 3 rules are evaluated.
Correct...
Brandon Murphy