lp:suricata-update-git

Created by OISF and last modified
Get this branch:
bzr branch lp:suricata-update-git

Branch information

Owner:
OISF
Project:
suricata-update-git
Status:
Development

Import details

Import Status: Failed

This branch is an import of the HEAD branch of the Git repository at https://github.com/OISF/suricata-update.git,branch=master.

The import has been suspended because it failed 5 or more times in succession.

Import started on juju-1e3bde-prod-lp-code-import-12 and finished, taking 5 seconds.

Recent revisions

192. By Vrinda Narayan <email address hidden>

Catch Keyboard Interrupt and exit cleanly.

Optimization #2878 https://redmine.openinfosecfoundation.org/issues/2878
Can be done by importing the Python library signal, and defining a function
signal_handler which will print a message if keyboard interrupt is
detected and exit the program.

191. By Vagisha Gupta <email address hidden>

Add "offline" command

Add a command line option `--offline` that uses locally cached
latest version of rules without trying to download rules from
sources.

190. By Vagisha Gupta <email address hidden>

Log a warning on duplicate SID

Currently when suricata-update encounters a rule with duplicate SIDs,
it silently uses the one with the higher revision without logging the
warnings.
On duplicate SID, warnings are logged for equal as well as different
revisions.

189. By Vidushi Agrawal <email address hidden>

Parse rule files alphabetically

Sort the file names before parsing them.
Example:
Currently,
```
suricata-update -v
```
generates
```
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-chat.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing sslblacklist.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-web_client.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/botcc.portgrouped.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-smtp.rules.
```
i.e., the rule files are not parsed in alphabetical order.

Thus, changing the parser to load these files in alphabetical order by sorting the filenames before starting to work on them fixes the issue. Now the output generated on running
```
suricata-update -v
```
is
```
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/botcc.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/ciarmy.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/compromised.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/drop.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/dshield.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/emerging-activex.rules.
```
Rules files are now parsed in sorted order.

Closes Redmine ticket #2892

188. By Konstantin Klinger <email address hidden>

add test cases for flowbit dependencies and noalert option

187. By Konstantin Klinger <email address hidden>

rule: recognise more noalert cases

This commit ensures that rules only tagged with the "noalert;" option,
and not only with "flowbits:noalert;", will get the rule.noalert
value set to true.

186. By Konstantin Klinger <email address hidden>

make sure that noalert is set in newly enabled rules

This commit adds functionality that ensures that previously
disabled rules enabled by flowbit dependencies will receive
the noalert option.
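The duplicate-SID handling described in revision 190 and the flowbit-dependency and noalert handling in revisions 187 and 186 above, worked through together as an added example. This is illustrative code written for this page in Python (the language suricata-update is written in); it is not suricata-update's own implementation. The rule parser, the Rule class, the function names, the choice of set/toggle as flowbit producers and isset/isnotset as consumers, and the sample rule set are all assumptions made here, and the sample rules are constructed for the demo rather than taken from any real ruleset.

```python
import logging
import re
from collections import defaultdict
from dataclasses import dataclass, field

log = logging.getLogger("rule-demo")

# Constructed sample rule set (not real ET rules): a two-level flowbit chain,
# a rule with a bare "noalert;" option, and three copies of one SID.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EX needs a"; flowbits:isset,ex.a; sid:9000001; rev:2;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EX sets a, needs b"; flowbits:set,ex.a; flowbits:isset,ex.b; sid:9000002; rev:1;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EX sets b"; flowbits:set,ex.b; sid:9000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EX bare noalert"; noalert; flowbits:set,ex.c; sid:9000004; rev:1;)
#alert tcp any any -> any any (msg:"EX unrelated disabled"; flowbits:set,ex.z; sid:9000005; rev:1;)
alert tcp any any -> any any (msg:"EX dup rev1"; sid:9000006; rev:1;)
alert tcp any any -> any any (msg:"EX dup rev3"; sid:9000006; rev:3;)
alert tcp any any -> any any (msg:"EX dup rev3 again"; sid:9000006; rev:3;)
"""

# A leading "#" marks a disabled rule; the outer parentheses hold the options.
RULE_RE = re.compile(r"^(?P<disabled>#\s*)?(?P<action>alert|drop|pass|reject)\s+"
                     r"(?P<header>[^(]+?)\s*\((?P<options>.*)\)\s*$")


@dataclass
class Rule:
    sid: int
    rev: int
    msg: str
    enabled: bool
    noalert: bool = False
    flowbits: list = field(default_factory=list)  # [(op, bit-name), ...]


def parse_rule(line):
    """Parse one rule line (None for blanks/comments). Options are split on ';';
    an escaped ';' inside content is not handled by this demo."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    ints, msg, noalert, flowbits = {}, "", False, []
    for opt in filter(None, (o.strip() for o in m.group("options").split(";"))):
        name, _, value = opt.partition(":")
        name, value = name.strip(), value.strip()
        if name in ("sid", "rev"):
            ints[name] = int(value)
        elif name == "msg":
            msg = value.strip('"')
        elif name == "noalert":                  # bare "noalert;" (rev 187)
            noalert = True
        elif name == "flowbits":
            op, _, bit = (s.strip() for s in value.partition(","))
            if op == "noalert":                  # "flowbits:noalert;"
                noalert = True
            else:
                flowbits.append((op, bit))
    if "sid" not in ints:
        return None
    return Rule(ints["sid"], ints.get("rev", 0), msg, not m.group("disabled"), noalert, flowbits)


def load_rules(text):
    """One Rule per SID, highest rev wins; every duplicate SID gets a warning,
    whether the revs differ or not (rev 190). Returns (rules_by_sid, warnings)."""
    by_sid, warnings = {}, []
    for rule in filter(None, map(parse_rule, text.splitlines())):
        prev = by_sid.get(rule.sid)
        if prev is None:
            by_sid[rule.sid] = rule
        elif rule.rev > prev.rev:
            warnings.append(f"duplicate sid {rule.sid}: rev {rule.rev} replaces rev {prev.rev}")
            by_sid[rule.sid] = rule
        elif rule.rev == prev.rev:
            warnings.append(f"duplicate sid {rule.sid}: identical rev {rule.rev}, keeping the first")
        else:
            warnings.append(f"duplicate sid {rule.sid}: ignoring older rev {rule.rev}, keeping rev {prev.rev}")
    for w in warnings:
        log.warning(w)
    return by_sid, warnings


def resolve_flowbits(by_sid):
    """Enable disabled rules that set/toggle a flowbit an enabled rule tests with
    isset/isnotset, transitively, and mark each one noalert (rev 186). Returns the SIDs enabled."""
    setters = defaultdict(list)
    for rule in by_sid.values():
        for op, bit in rule.flowbits:
            if op in ("set", "toggle"):
                setters[bit].append(rule)
    enabled, work = [], [r for r in by_sid.values() if r.enabled]
    while work:
        for op, bit in work.pop().flowbits:
            if op in ("isset", "isnotset"):
                for dep in setters[bit]:
                    if not dep.enabled:
                        dep.enabled = dep.noalert = True
                        enabled.append(dep.sid)
                        work.append(dep)   # its own producers may be disabled as well
    return sorted(enabled)
```

Calling `load_rules(SAMPLE_RULES)` and then `resolve_flowbits` on the result (with `logging.basicConfig(level=logging.WARNING)` set up first if you want to see the warnings) shows the three behaviours together: the SID that appears three times keeps rev 3 and produces a warning both for the higher rev and for the identical rev; the rule that carries a bare `noalert;` is flagged exactly like one carrying `flowbits:noalert;`; and the two disabled producer rules are enabled because an enabled rule depends on them through a chain, and are marked noalert so they contribute their flowbits without generating alerts of their own. The unrelated disabled rule stays disabled. The worklist is what makes the resolution transitive: a rule enabled by dependency is pushed back so its own producers get the same treatment.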

185. By Jason Ish

tests: update test index to latest index

184. By Jason Ish

doc: update default index url

From jasonish repo to
  https://www.openinfosecfoundation.org/rules/index.yaml

183. By Jason Ish

index: update embedded intel index

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)