Open Information Security Foundation

Today

04:23 PM Suricata Support #2725: stream/packet on wrong thread

As an FYI
Tested/reproducible with the following kernels
Debian Stable with:...

04:12 PM Suricata Bug #2786 (New): make install-full does not install some source events rules

Using 4.1.0-dev (rev b51e4a39) with "make install-full" installs only...

04:04 PM Suricata Feature #2785 (New): rules index update - add JA3 / SSL IP sources

The following public sets are also available form https://sslbl.abuse.ch/blacklist/ for Suricata 4.1.0+ :
JA3:
ht...

03:59 PM Suricata Feature #2784 (New): rules index update - ssl blacklists

Currently the ruleset index located here - https://www.openinfosecfoundation.org/rules/index.yaml
Has the followin...

01/17/2019

12:48 PM Suricata Bug #2776 (New): pcap open - invalid interface capture length 524288, bigger than maximum of 262144

...

12:11 PM Suricata Bug #2605: engine-analysis warning on PCRE

another example on sid 2834428 using 4.1.0-dev (rev b51e4a3):...

01/16/2019

04:16 PM Suricata Bug #2775 (Assigned): dns v1/2 with rust results in less app layer data available in the alert record (for dns related alerts/rules)

Using the following rule:
alert dns any any -> any any (msg:"SURICATA DNS query .com"; dns_query; content:".com"; ...

09:13 AM Suricata Feature #2774: pcap multi dev support for Windows

If you define it as part of the pcap configuration inside suricata.yaml it works thought:...

08:54 AM Suricata Feature #2774 (Assigned): pcap multi dev support for Windows

Using our Suricata msi pkg on 2016 Win server...

01/15/2019

02:08 PM Suricata Bug #2773 (New): add suricata-update to MSI packaging