lp:suricata-update-git

Created by Peter Manev on 2019-08-13 and last modified on 2019-08-13
Get this branch:
bzr branch lp:suricata-update-git

Branch information

Owner:
Peter Manev
Project:
suricata-update-git
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at git://github.com/OISF/suricata-update.git,branch=master.

The next import is scheduled to run in 1 hour.

Last successful import was 4 hours ago.

Import started 4 hours ago on alnitak and finished 4 hours ago, taking 15 seconds.

Recent revisions

192. By Vrinda Narayan <email address hidden> on 2019-08-05

Catch Keyboard Interrupt and exit cleanly.

Optimization #2878 https://redmine.openinfosecfoundation.org/issues/2878
Can be done by importing python library signal, and defining a function
signal_handler which will print a message if keyboard interrupt is
detected and exit the program.

191. By Vagisha Gupta <email address hidden> on 2019-08-04

Add "offline" command

Add a command line option `--offline` that uses the locally cached
latest version of the rules without trying to download rules from
sources.

190. By Vagisha Gupta <email address hidden> on 2019-08-04

Log a warning on duplicate SID

Currently, when suricata-update encounters a rule with duplicate SIDs,
it silently uses the one with the higher revision without logging a
warning.
On duplicate SIDs, warnings are logged for equal as well as different
revisions.
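The behaviour this commit describes, as an added example that is not suricata-update's own code: rules are deduplicated by SID, the higher `rev` wins, and every duplicate is logged whether the revisions are equal or not. The rule lines are constructed samples, and the tie-break on equal revisions (first occurrence kept) is an assumption.

```python
import logging
import re

logger = logging.getLogger("dedup-sid")

# Minimal sid/rev extraction; a real rule parser handles much more.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


def parse_sid_rev(rule):
    """Return (sid, rev) for one rule line; rev defaults to 0 when absent."""
    sid = SID_RE.search(rule)
    if not sid:
        raise ValueError("rule has no sid: %r" % rule)
    rev = REV_RE.search(rule)
    return int(sid.group(1)), (int(rev.group(1)) if rev else 0)


def dedup_by_sid(rules):
    """Keep one rule per SID: the highest rev wins; on equal revs the first
    occurrence is kept (an assumption, the commit message does not say).
    Returns (kept_rules, warnings); every duplicate produces one warning,
    which is also emitted through the logger."""
    kept = {}  # sid -> (rev, rule); dict keeps first-seen order
    warnings = []
    for rule in rules:
        sid, rev = parse_sid_rev(rule)
        if sid not in kept:
            kept[sid] = (rev, rule)
            continue
        old_rev = kept[sid][0]
        if rev == old_rev:
            msg = "Duplicate SID %d with equal rev %d; keeping first" % (sid, rev)
        elif rev > old_rev:
            msg = "Duplicate SID %d: rev %d replaces rev %d" % (sid, rev, old_rev)
            kept[sid] = (rev, rule)
        else:
            msg = "Duplicate SID %d: ignoring rev %d, keeping rev %d" % (sid, rev, old_rev)
        logger.warning(msg)
        warnings.append(msg)
    return [r for _, r in kept.values()], warnings


# Constructed sample rules: SID 1 twice (different revs), SID 2 twice (same rev).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"A v1"; sid:1; rev:1;)',
    'alert tcp any any -> any 80 (msg:"B"; sid:2; rev:1;)',
    'alert tcp any any -> any 80 (msg:"A v2"; sid:1; rev:2;)',
    'alert tcp any any -> any 443 (msg:"B dup"; sid:2; rev:1;)',
    'alert tcp any any -> any 22 (msg:"C"; sid:3; rev:1;)',
]
```

Running `dedup_by_sid(SAMPLE_RULES)` keeps three rules (SID 1 at rev 2, SID 2, SID 3) and emits two warnings, one for the revision bump and one for the equal-revision duplicate.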

189. By Vidushi Agrawal <email address hidden> on 2019-08-04

Parse rule files alphabetically

Sort the file names before parsing them.
Example:
Currently,
```
suricata-update -v
```
generates
```
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-chat.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing sslblacklist.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-web_client.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/botcc.portgrouped.rules.
24/3/2019 -- 10:38:16 - <Debug> -- Parsing rules/emerging-smtp.rules.
```
i.e., the rule files are not parsed in alphabetical order.

Thus, changing the parser to load these files in alphabetical order by sorting the filenames before starting to work on them fixes the issue. Now the output generated on running
```
suricata-update -v
```
is
```
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/botcc.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/ciarmy.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/compromised.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/drop.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/dshield.rules.
24/3/2019 -- 10:34:24 - <Debug> -- Parsing rules/emerging-activex.rules.
```
Rule files are now parsed in sorted order.

Closes Redmine ticket #2892

188. By Konstantin Klinger <email address hidden> on 2019-05-10

add test cases for flowbit dependencies and noalert option

187. By Konstantin Klinger <email address hidden> on 2019-05-10

rule: recognise more noalert cases

This commit ensures that rules tagged only with the "noalert;" option,
and not only those with "flowbits:noalert;", will get the rule.noalert
value set to true.

186. By Konstantin Klinger <email address hidden> on 2019-05-10

make sure that noalert is set in newly enabled rules

This commit adds functionality that ensures that previously
disabled rules enabled by flowbit dependencies will receive
the noalert option.

185. By Jason Ish on 2019-04-26

tests: update test index to latest index

184. By Jason Ish on 2019-04-26

doc: update default index url

From jasonish repo to
  https://www.openinfosecfoundation.org/rules/index.yaml

183. By Jason Ish on 2019-04-26

index: update embedded intel index

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information. Everyone can see this information.
