Open Information Security Foundation

03/05/2025

04:10 PM Suricata Task #6952 (In Progress): ppa: run as a non-root user

Peter Manev

03:43 PM Suricata Task #6952: ppa: run as a non-root user

For Suricata 8 implement:
* run as user
* systemd
note: make sure ownership is covered too.
Peter Manev

11/25/2024

01:27 PM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords

However, if multiple thresholds are listed, latest stable complains about it :... Peter Manev

08:32 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords

I think I needed more coffee :) before my previous post. Peter Manev

07:43 AM Suricata Bug #7410: Engine does not warn when a rule contains multiple threshold keywords

Latest stable complains and it will not load the rule in a regular run, however the message is not quite clear:
... Peter Manev

09/09/2024

04:33 PM Suricata Bug #7250 (New): tls version match can have incorrect behaviour

We have detailed TLS (event_type:tls) and flow (event_type:flow) logs where information about an encrypted session ... Peter Manev

06/17/2024

07:09 PM Suricata Feature #5646: rules: allow matching on flow pkts and bytes in either direction

"either" is good in my opinion. Peter Manev

09:53 AM Suricata Feature #7097: Additions to flow detection - size

This should cover it https://redmine.openinfosecfoundation.org/issues/5646 Peter Manev

06:55 AM Suricata Feature #7103 (Feedback): ssh: extra fields and keywords

Consider adding more ssh protocol fields (to the existing ssh protocol logging) and ssh keywords (to the rules for ... Peter Manev

06/16/2024

04:23 PM Suricata Feature #7101 (Feedback): eve: add number of flowbits in protocol records and alerts

Very useful for hunting can be the number of flowbits present in a protocol log or alert.
Details: https://www.st... Peter Manev