Open Information Security Foundation

02/26/2024

03:53 PM Suricata Bug #4223: rule loading takes too much time in certain cases

yes Peter Manev

01/25/2024

01:11 PM Suricata Bug #6716 (New): fast.log enabled when running specifically without rules

When running Suricata without rules/disable detection (aka NSM mode only) we still initialize the legacy fast.log
... Peter Manev

12/05/2023

10:20 AM Suricata Bug #6567: anomaly and file info logs discrepancy results between versions

It took me a bit to pinpoint the problem but this can be triggered the following way - by adjusting the stream.depth ... Peter Manev

12/01/2023

12:07 PM Suricata Bug #6591 (New): protodetect: ftp parsed as smtp

Single stream pcap attached (thanks to AnyRun) to reproduce.
In this case the traffic is part of FTP brute force t... Peter Manev

11/21/2023

09:19 PM Suricata Bug #6567: anomaly and file info logs discrepancy results between versions

What is the build info for your master build ? Peter Manev

08:32 PM Suricata Bug #6567: anomaly and file info logs discrepancy results between versions

password is "infected" Peter Manev

08:32 PM Suricata Bug #6567 (New): anomaly and file info logs discrepancy results between versions

Reading the same pcap (attached, thanks to AnyRun) with Suricata 7.0.2 and latest gitmaster gives different results.
... Peter Manev

11/12/2023

02:55 PM Suricata Feature #2695: websocket support

Also private pcap shared, thanks Brandon !
Peter Manev

02:52 PM Suricata Feature #2695: websocket support

Also this pcap - thanks to AnyRun - https://app.any.run/tasks/caf8a256-6249-47ec-8de0-80b5d6049874/ Peter Manev

09/04/2023

05:33 AM Suricata Bug #6291: Performance degradation on Suricata devices with a small number of rules

Can you share some steps or details how to reproduce the performance degradation issue please?
How many rules/wh... Peter Manev