General

Profile

Peter Manev

Issues

open closed Total
Assigned issues 22 53 75
Reported issues 85 364 449

Projects

Project Roles Registered on
Suricata Developer, OISF Team, OISF Manager 04/06/2011
Suricata-Update Developer, OISF Team, OISF Manager 10/31/2017

Activity

03/05/2025

04:10 PM Suricata Task #6952 (In Progress): ppa: run as a non-root user
Peter Manev
03:43 PM Suricata Task #6952: ppa: run as a non-root user
For Suricata 8 implement:
* run as user
* systemd
note: make sure ownership is covered too.
Peter Manev

11/25/2024

01:27 PM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
However, if multiple thresholds are listed, latest stable complains about it :... Peter Manev
08:32 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
I think I needed more coffee :) before my previous post. Peter Manev
07:43 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords
Latest stable complains and it will not load the rule in a regular run, however the message is not quite clear:
...
Peter Manev

09/09/2024

04:33 PM Suricata Bug #7250 (New): tls version match can have incorrect behaviour

We have detailed TLS (event_type:tls) and flow (event_type:flow) logs where information about an encrypted session ...
Peter Manev

06/17/2024

07:09 PM Suricata Feature #5646: rules: allow matching on flow pkts and bytes in either direction
"either" is good in my opinion. Peter Manev
09:53 AM Suricata Feature #7097: Additions to flow detection - size
This should cover it https://redmine.openinfosecfoundation.org/issues/5646 Peter Manev
06:55 AM Suricata Feature #7103 (Feedback): ssh: extra fields and keywords

Consider adding more ssh protocol fields (to the existing ssh protocol logging) and ssh keywords (to the rules for ...
Peter Manev

06/16/2024

04:23 PM Suricata Feature #7101 (Feedback): eve: add number of flowbits in protocol records and alerts
Very useful for hunting can be the number of flowbits present in a protocol log or alert.
Details: https://www.st...
Peter Manev

Also available in: Atom