General

Profile

Brandon Murphy

  • Login: zoomequipd
  • Registered on: 09/17/2019
  • Last connection: 09/08/2021

Issues

open closed Total
Assigned issues 0 0 0
Reported issues 7 2 9

Activity

09/09/2021

01:34 PM Suricata Bug #4649: Autonomous System Number (ASN) support similar to GeoIP
> They change often and use different abbreviations ("Inc.", or "Ltd." vs "Limited"). Making this work reliably is pr... Brandon Murphy
02:32 AM Suricata Bug #4669 (New): threatexpert usage in reference.config
threatexpert.com is no longer resolving. Quick look at passive dns data shows this stopped on or around 2020-03-13. ... Brandon Murphy

08/26/2021

02:55 PM Suricata Bug #4649 (New): Autonomous System Number (ASN) support similar to GeoIP
Request is to introduce a new keyword which leverages the MaxMind GeoIP ASN database similar to that of the current "... Brandon Murphy

06/02/2021

10:04 PM Suricata Feature #4227: breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
Another use case for the "sub" buffers is for negations on specific components of the certificate. Such as negating ... Brandon Murphy

05/10/2021

06:35 PM Suricata Bug #2224: Negated http_* match returns false if buffer not populated
Just as an FYI - this issue/design/whatever continues to cause False Negatives on a pretty regular basis. If there i... Brandon Murphy

12/18/2020

06:02 AM Suricata Feature #4227 (New): breakout components of tls.cert_subject and tls.cert_issuer into additional "sub" buffers
h1. Problem
Writing signatures that use tls.cert_subject and tls.cert_issuer to match on content within the Common... Brandon Murphy
04:56 AM Suricata Bug #4226 (New): bsize is considerably slower than depth:x; isdataat:!1,relative
When reviewing rule profiling output of comparing the speed of bsize:x; checks to using depth:x; isdataat:!1,relative... Brandon Murphy
03:53 AM Suricata Bug #4225 (Closed): SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
Upon the first pcap being submitted in socket mode, an error is logged... Brandon Murphy

02/25/2020

05:57 PM Suricata Bug #3504 (Closed): http.header.raw prematurely truncates in some conditions
In attempting to create a signature for the attached pcap, I found an unexpected behavior in suricata 5.0.0+ as it re... Brandon Murphy

12/12/2019

02:57 PM Suricata Feature #3285: rules: XOR keyword
Victor Julien wrote:
> I suppose it would be useful to use the result of byte_extract as input to the key.
Yes, t... Brandon Murphy

Also available in: Atom