lp:suricata-update-git
- Get this branch: `bzr branch lp:suricata-update-git`
Branch information
Import details
This branch is an import of the HEAD branch of the Git repository at https://github.com/OISF/suricata-update.git,branch=master.
Recent revisions
- 192. By Vrinda Narayan <email address hidden>
Catch Keyboard Interrupt and exit cleanly.
Optimization #2878 https://redmine.openinfosecfoundation.org/issues/2878
Can be done by importing python library signal, and defining a function
signal_handler which will print a message if keyboard interrupt is
detected and exit the program.
- 191. By Vagisha Gupta <email address hidden>
Add "offline" command
Add a command line option `--offline` that uses locally cached
latest version of rules without trying to download rules from
sources.
- 190. By Vagisha Gupta <email address hidden>
Log a warning on duplicate SID
Currently when suricata-update encounters a rule with duplicate SIDs,
it silently uses the one with the higher revision without logging the
warnings.
On duplicate SID, warnings are logged for equal as well as different
revisions.
- 189. By Vidushi Agrawal <email address hidden>
Parse rule files alphabetically
Sort the file names before parsing them.
Example:
Currently,
```
suricata-update -v
```
generates
```
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-chat.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing sslblacklist.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-web_client.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/botcc.portgrouped.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-smtp.rules.
```
i.e., the rule files are not parsed in alphabetical order. Thus, changing the parser to load these files in alphabetical order by sorting the filenames before starting to work on them fixes the issue.
Now the output generated on running
```
suricata-update -v
```
is
```
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/botcc.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/ciarmy.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/compromised.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/drop.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/dshield.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/emerging-activex.rules.
```
Rules files are now parsed in sorted order.
Closes Redmine ticket #2892
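The loader behaviour described in the two entries above (revision 189: parse rule files in sorted order; revision 190: warn on duplicate SIDs instead of silently keeping the higher revision) together with the clean Ctrl-C exit from revision 192, as an added Python example. This is not suricata-update's own code; the rule text, file names, regexes and helper names are constructed for illustration.

```python
"""Added example (not suricata-update's own code): a minimal rule loader that
parses .rules files in sorted order, warns on duplicate SIDs while keeping the
higher revision, and installs a SIGINT handler that exits without a traceback.
All file names, rule lines and helper names below are constructed."""
import logging
import os
import re
import signal
import sys
import tempfile

logger = logging.getLogger("rule_loader")

# Constructed regexes for the sid and rev options inside a rule body.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


def parse_rule(line):
    """Return (sid, rev, rule_text) for a rule line, or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    sid_m = SID_RE.search(stripped)
    if not sid_m:
        return None
    rev_m = REV_RE.search(stripped)
    rev = int(rev_m.group(1)) if rev_m else 1  # rev defaults to 1 when absent
    return int(sid_m.group(1)), rev, stripped


def sorted_rule_names(directory):
    """Base names of .rules files in a directory, sorted so parsing is deterministic."""
    return sorted(n for n in os.listdir(directory) if n.endswith(".rules"))


def sorted_rule_files(directory):
    """Full paths of the .rules files, in sorted order."""
    return [os.path.join(directory, n) for n in sorted_rule_names(directory)]


def load_rules(directory):
    """Load rules from sorted files. Returns ({sid: (rev, text)}, [(sid, old_rev, new_rev)]).

    On a duplicate SID the higher revision wins; an equal revision keeps the first
    occurrence. Either way a warning is logged rather than silently resolved."""
    rules = {}
    duplicates = []
    for path in sorted_rule_files(directory):
        logger.debug("Parsing %s.", path)
        with open(path) as fh:
            for line in fh:
                parsed = parse_rule(line)
                if parsed is None:
                    continue
                sid, rev, text = parsed
                if sid in rules:
                    old_rev = rules[sid][0]
                    duplicates.append((sid, old_rev, rev))
                    if rev == old_rev:
                        logger.warning("Duplicate SID %d (same rev %d) in %s; keeping first.",
                                       sid, rev, path)
                        continue
                    logger.warning("Duplicate SID %d: rev %d vs rev %d in %s; keeping rev %d.",
                                   sid, old_rev, rev, path, max(old_rev, rev))
                    if rev < old_rev:
                        continue
                rules[sid] = (rev, text)
    return rules, duplicates


def signal_handler(signum, frame):
    """Print a short message and exit cleanly instead of dumping a traceback."""
    print("Interrupted by user, exiting.")
    sys.exit(0)


def install_sigint_handler():
    """Register signal_handler for SIGINT (Ctrl-C); must run in the main thread."""
    signal.signal(signal.SIGINT, signal_handler)


# Constructed sample rule files; insertion order is deliberately unsorted.
SAMPLE_FILES = {
    "emerging-chat.rules": 'alert tcp any any -> any any (msg:"chat"; sid:2000001; rev:2;)\n',
    "botcc.rules": 'alert ip any any -> any any (msg:"botcc"; sid:2404000; rev:1;)\n# comment\n',
    "emerging-smtp.rules": 'alert tcp any any -> any 25 (msg:"smtp"; sid:2000001; rev:3;)\n'
                           'alert tcp any any -> any 25 (msg:"smtp2"; sid:2000002; rev:1;)\n'
                           'alert tcp any any -> any 25 (msg:"smtp2 dup"; sid:2000002; rev:1;)\n',
}


def make_sample_dir():
    """Write the constructed sample files into a fresh temporary directory."""
    d = tempfile.mkdtemp()
    for name, body in SAMPLE_FILES.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    return d


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s -- %(message)s")
    install_sigint_handler()
    loaded, dups = load_rules(make_sample_dir())
    print("%d rules loaded, %d duplicate SIDs seen" % (len(loaded), len(dups)))
```

With the constructed files, `botcc.rules` is parsed before `emerging-chat.rules` regardless of directory listing order, SID 2000001 ends up at rev 3 after a logged warning, and the equal-revision duplicate of SID 2000002 is reported rather than silently dropped.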
- 188. By Konstantin Klinger <email address hidden>
add test cases for flowbit dependencies and noalert option
- 187. By Konstantin Klinger <email address hidden>
rule: recognise more noalert cases
This commit ensures that rules only tagged with "noalert;" option
and not only with "flowbits:noalert;" will get the rule.noalert
value set to true.
- 186. By Konstantin Klinger <email address hidden>
make sure that noalert is set in newly enabled rules
This commit adds functionality that ensures that previously
disabled rules enabled by flowbit dependencies will receive
the noalert option.
- 184. By Jason Ish
doc: update default index url
From jasonish repo to
https://www.openinfosecfoundation.org/rules/index.yaml
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)