Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Tags: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
f634da61c9ed...
Mats Klepsland
ja3s-string: move unittests to tests/
e125e58c9740...
Mats Klepsland
detect-tls-cert-issuer: move unittests to tests/
de983fb7c986...
Jeff Lucovsky
app-layer-ftp: Potential memory leak fixed
Ensure that when handling failures during STOR command
processing, that all memory is freed on the error path.
d15903a2efb4...
Mats Klepsland
userguide: add documentation for Ja3SGetString Lua function
b59e82a6426a...
Mats Klepsland
userguide: add documentation for ja3s.string keyword
b1d5fe9657e6...
Mats Klepsland
lua: add Ja3SGetHash function
Add Ja3SGetHash() to return the content of the JA3S hash buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_hash.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_hash = Ja3SGetHash()
      if ja3s_hash == nil then
          return
      end

      file:write(ja3s_hash .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

In the example above, each JA3S hash is logged to a log file.
adb4da3975b6...
Mats Klepsland
detect-tls-ja3-string: move unittests to tests/
a4eaef25d6ac...
Mats Klepsland
eve: add JA3S field to TLS JSON logger
Add JA3S object to TLS JSON logger (extended log).
a4471987bacc...
Mats Klepsland
app-layer-ssl: generate JA3S fingerprints
Generate JA3S fingerprints based on fields in the ServerHello record.
a260a57b6862...
Mats Klepsland
detect-tls-sni: move unittests to tests/
8baf64f5e9ab...
Andreas Herz
af-packet: fix setting block_timeout value through afpconfig
8a94b93b7b93...
Jeff Lucovsky
doc: Anomaly logging documentation
This changeset adds discussion of anomaly log records and
the anomaly log record format.
80cee5091623...
Mats Klepsland
detect: add (mpm) keyword ja3s.hash
Match on JA3S hash using ja3s.hash keyword, e.g:

  alert tls any any -> any any (msg:"ja3s.hash test";
      ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; sid:1;)
800608ab65a7...
Mats Klepsland
userguide: add JA3S fields to the TLS logger documentation
76b94c7073c2...
Mats Klepsland
userguide: add documentation for ja3s.hash keyword
767bde5e74ab...
Mats Klepsland
detect-tls-cert-validity: move unittests to tests/
74a7b7e3cf23...
Mats Klepsland
detect-tls-ja3-hash: move unittests to tests/
736d35f36e02...
Mats Klepsland
ja3s-hash: move unittests to tests/
7020cffaa807...
Mats Klepsland
userguide: 'sticky' instead of 'Sticky' for all tls keywords
68455caa6a22...
Victor Julien
travis: add sphinx to trigger doc build
5d76f0897cc8...
Eric Leblond
af-packet: remove rollover reference
This patch removes reference to rollover in the configuration file
and add warnings when it is used.
5d3b94b3e494...
Mats Klepsland
detect-tls-cert-subject: move unittests to tests/
479e73b98e3c...
Mats Klepsland
detect-tls-version: move unittests to tests/
462a4e2b5b14...
Jeff Lucovsky
detect/analyzer: Improve warning message
This changeset modifies the warning printed when a rule
is determined to detect in both directions.
3e120668194c...
Philippe Antoine
http: adds events for each libhtp log
Fixes #997
3c57ac144c27...
Mats Klepsland
detect-ssl-version: move unittests to tests/
3a16009966d5...
Alexander Gozman
Bug #2965: fix NFQ arguments parsing
37a059441724...
Mats Klepsland
userguide: add documentation for JA3SGetHash Lua function
3646234ac58c...
Mats Klepsland
detect-tls-cert-fingerprint: move unittests to tests/
285855d92837...
Mats Klepsland
detect-tls: remove NULL settings from keyword registration
238797cc660c...
Mats Klepsland
detect-ssl-state: move unittests to tests/
1c04d7cdae8f...
Mats Klepsland
detect-tls: remove confusing underscores from variables
Remove confusing underscore prefix from variables in GetData() for
all tls keywords.
15012fc9085f...
Mats Klepsland
ja3: check if JA3 is disabled on one line
12d37b8b2c2d...
Mats Klepsland
detect-tls: tidy up unittests
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
0f7f35bd8503...
Mats Klepsland
detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and
DetectSignatureSetAppProto().
0d728ee4c6f3...
Mats Klepsland
detect-tls-cert-serial: move unittests to tests/
0b489f329c39...
Mats Klepsland
detect: add (mpm) keyword ja3s.string
Match on JA3S string using ja3s.string keyword, e.g:

  alert tls any any -> any any (msg:"ja3s.string test";
      ja3s.string; content:"10-11-12"; sid:1;)
03e8e658d7da...
Mats Klepsland
lua: add Ja3SGetString function
Add Ja3SGetString() to return the content of the JA3S string buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_string.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_string = Ja3SGetString()
      if ja3s_string == nil then
          return
      end

      file:write(ja3s_string .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end
037d50ef0623...
Philippe Antoine
signature: fix overflow in parsing
008f08c1b34d...
Mats Klepsland
detect-tls: declare ssl_state as const in GetData()