- Login: zoomequipd
- Registered on: 09/17/2019
- Last connection: 09/08/2021
- 01:34 PM Suricata Bug #4649: Autonomous System Number (ASN) support similar to GeoIP
- > They change often and use different abbreviations ("Inc.", or "Ltd." vs "Limited"). Making this work reliably is pr...
- 02:32 AM Suricata Bug #4669 (New): threatexpert usage in reference.config
- threatexpert.com is no longer resolving. Quick look at passive DNS data shows this stopped on or around 2020-03-13. ...
- 02:55 PM Suricata Bug #4649 (New): Autonomous System Number (ASN) support similar to GeoIP
- Request is to introduce a new keyword which leverages the MaxMind GeoIP ASN database similar to that of the current "...
- 10:04 PM Suricata Feature #4227: breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
- Another use case for the "sub" buffers is for negations on specific components of the certificate. Such as negating ...
- 06:35 PM Suricata Bug #2224: Negated http_* match returns false if buffer not populated
- Just as an FYI - this issue/design/whatever continues to cause False Negatives on a pretty regular basis. If there i...
- 06:02 AM Suricata Feature #4227 (New): breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
- h1. Problem
Writing signatures that use tls.cert_subject and tls.cert_issuer to match on content within the Common...
- 04:56 AM Suricata Bug #4226 (New): bsize is considerably slower than depth:x; isdataat:!1,relative
- When reviewing rule profiling output of comparing the speed of bsize:x; checks to using depth:x; isdataat:!1,relative...
- 03:53 AM Suricata Bug #4225 (Closed): SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
- Upon the first pcap being submitted in socket mode, an error is logged...
- 05:57 PM Suricata Bug #3504 (Closed): http.header.raw prematurely truncates in some conditions
- In attempting to create a signature for the attached pcap, I found an unexpected behavior in Suricata 5.0.0+ as it re...
- 02:57 PM Suricata Feature #3285: rules: XOR keyword
- Victor Julien wrote:
> I suppose it would be useful to use the result of byte_extract as input to the key.