Peter Manev
- Login: pevma
- Email: petermanev@gmail.com
- Registered on: 11/16/2010
- Last sign in: 03/18/2026
Issues
| | open | closed | Total |
|---|---|---|---|
| Assigned issues | 25 | 55 | 80 |
| Reported issues | 82 | 373 | 455 |
Projects
| Project | Roles | Registered on |
|---|---|---|
| Suricata | Developer, OISF Team, OISF Manager | 04/06/2011 |
| Suricata-Update | Developer, OISF Team, OISF Manager | 10/31/2017 |
Activity
03/18/2026
- PM 09:56 AM Suricata Feature #8384 (New): dns: add dns.rdata keyword
- The below data is extracted from an "event_type:dns" record/log in Suricata.
We have the data and we can query it in SIEM - which is great.
What would be ideal is to add a keyword (in Suricata 8/9) to match exactly on that buffer...
02/27/2026
- PM 10:24 AM Suricata Feature #8335 (Assigned): pgsql: add keywords for better detection and coverage
- We have PostgreSQL/pgsql protocol logging - it is great to have it in the SIEM and doing visualizations with it.
While I was doing that a few things made an impression on me that we could add keywords in order to trigger an alert (not ju...
12/05/2025
- PM 01:55 PM Suricata Bug #8154 (New): krb5_sname only works to client
- It seems there is a problem with the KRB5 parser.
Rules and pcaps to reproduce:
https://forum.suricata.io/t/problems-with-krb5-parser/6121/4
The analysis is here https://forum.suricata.io/t/problems-with-krb5-parser/6121/5
09/11/2025
- PM 11:57 AM Suricata Bug #7892 (New): icmp detection corner case with dns app_proto
- Recently reviewing a few different cases and stumbled on an interesting ICMP pcap trace where the proto is ICMP but app_proto is DNS.
It seems that the first 2 rules trigger and the third one does not, while a user would expect it to ...
09/04/2025
- PM 07:19 AM Suricata Feature #7882 (Assigned): icmp malware channel activity events in one sided flows
- We have one way malware communication channel in the attached "single channel" pcap.
The responses are coming via another channel, not ICMP.
Full pcap is located here https://www.activecountermeasures.com/malware-of-the-day-c2-ov...
08/29/2025
- PM 12:33 PM Suricata Bug #7873: stream_size: no error with udp rule
- Yes, 7 is affected too.
- PM 09:50 AM Suricata Bug #7873: stream_size: no error with udp rule
- The below is a test that does not error with the rule above.
- PM 09:41 AM Suricata Bug #7873 (Assigned): stream_size: no error with udp rule
- The combination of udp plus stream_size should error out.
For example this rule should not load and should throw an err:
08/28/2025
- PM 06:13 PM Suricata Bug #3221 (Closed): EBPFDeleteKey -- ERRCODE: SC_ERR_SYSCALL(50)
- PM 06:13 PM Suricata Bug #3221: EBPFDeleteKey -- ERRCODE: SC_ERR_SYSCALL(50)
- This is too old to be true by now, as too many things have also changed. Closing.
If I encounter it again I will repost/reopen.