Open Information Security Foundation

06/25/2025

02:48 PM Suricata Feature #7786: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts

Ofer Dagan wrote in #note-3:
> What do you mean with integrating with our @pcap-log@? It should have no affect on th... Jason Ish

06/24/2025

04:10 PM Suricata Task #7788 (New): krb5: add failed_request keyword

To provide parity for the @krb5.failed_request@ log field.
See TODO comments in the eve schema.
Jason Ish

04:08 PM Suricata Task #7787 (New): krb5: add encryption keyword

To provide parity for the @krb5.encryption@ eve field.
This should also include an option for @weak_encryption@.
... Jason Ish

03:51 PM Suricata Feature #7786: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts

Is this intended to integrate with our @pcap-log@ output? Also, what are your thoughts on how you would track whether... Jason Ish

06/22/2025

05:41 PM Suricata Task #6941 (Closed): lua: review and document lua rule return types

Jason Ish

05:41 PM Suricata Documentation #6069 (Closed): userguide/install: move RPM distros to their own page

Jason Ish

05:40 PM Suricata Documentation #6252 (Closed): userguide/install: move Ubuntu distros to their own page

Jason Ish

05:40 PM Suricata Documentation #7749 (Closed): doc: update user manual seciton on RPMs

Jason Ish

06/20/2025

06:29 PM Suricata Task #7784 (New): detect: list app-layer-event keywords

Some EVE fields map to app-layer-event keywords, but there is no way to list app-layer-event keywords, for example: @... Jason Ish

06:24 PM Suricata Documentation #6288 (Closed): eve/schema: generate tables of data for app-layer protocols

Closing. I think this was creating tables for the documentation, and we now have an EVE reference in 8.0:
https://... Jason Ish