-
**Is your feature request related to a problem? Please describe.**
Occasionally a new alert or data source causes a massive amount of alerts. For example, a new rule in one of our client environments…
-
When a unified2 file that barnyard2 reads contains Unified2PacketRecords with varying datalink types, the resulting pcap output (via the tcpdump log output plugin) is partly unreadable.
Example: First pa…
-
Currently (2.4.100) analysts can modify YARA and Sigma rules, but when attempting to modify a Suricata rule a 401 error is returned.
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Current Behavior
Hello,
Via Kibana dashboards (for example: SN-FILE-Transactions), when you try to filter …
-
Hi again,
This is maybe linked to my previous issues with the updating process as it seems to impact iptables.
But I got an error trying to create a custom config file.
Below is what I did:
- cr…
-
So I've got to a point where I've managed to get everything sorted:
selks-first-time-setup_stamus and selks-upgrade_stamus had no errors,
However after a reboot I have to start manually:
systemctl star…
-
Looking into the ECS documentation I don't see a schema for software.
I think this is different than user agent, which is more along the lines of HTTP user agent or such.
This would include things l…
-
Errors when collecting metrics with Suricata 7.0.3
```
WARN: Threads entry memcap_pressure not a map[string]
Threads entry memcap_pressure_max not a map[string]
```
suricata version - 7.0.3
su…
-
If you duplicate a variable and give it a single IP value, it provokes Suricata to crash:
1 - Go to Administration - Configuration
[EDITED: you have to activate Show All Configurable Settings]…
-
5-tuples aren't always the best way to define what a connection is. I believe it wouldn't be too difficult to allow redefining connection IDs to use a different set of fields, for example to include t…
rsmmr updated 7 months ago