Open Information Security Foundation

11/25/2024

07:06 AM Suricata Bug #7410 (New): Engine does not warn when a rule contains multiple threshold keywords

I found a open source rule with 2 threshold keywords:
```
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET... Travis Green

04/29/2024

06:28 PM Suricata Bug #6997 (New): Socket mode hard fail with pcap logging mode and multiple link layer pcap file

When using socket mode with pcap logging enabled, suricata exits with error when encountering pcaps with multiple lin... Travis Green

10/21/2019

07:49 PM Suricata Bug #3109: dcerpc engine not generating alerts

... Travis Green

10/14/2019

04:05 PM Suricata Bug #3109: dcerpc engine not generating alerts

Submitted PR for suricata-verify test https://github.com/OISF/suricata-verify/pull/139 Travis Green

10/04/2019

09:11 PM Suricata Bug #3218 (New): ssl_state does the wrong thing

The *ssl_state* keyword does not alert on the correct state when specified in the rule.
Example 1: should work w... Travis Green

09/12/2019

04:59 PM Suricata Task #3016 (Closed): No documentation for "endswith" keyword

closed via https://github.com/OISF/suricata/pull/4175 Travis Green

08/29/2019

04:28 AM Suricata Task #3014: Missing documentation for "flags" option

added PR https://github.com/OISF/suricata/pull/4138 Travis Green

08/15/2019

06:31 PM Suricata Documentation #3029: No documentation for "dcerpc" keywords

Shivani Bhardwaj wrote:
> There are no docs or examples of usage for "dcerpc.iface", "dcerpc.opnum", "dcerpc.stub_da... Travis Green

08/09/2019

11:04 PM Suricata Bug #3109: dcerpc engine not generating alerts

Eric Leblond had this deeper analysis to offer:... Travis Green

11:02 PM Suricata Bug #3109 (Closed): dcerpc engine not generating alerts

Rules using dce* keywords do not generate an alert despite matching packet contents. For example, given these two rul... Travis Green