Jakub Onderka
507e07b868
chg: [export] Fix notice in NIDS export
2024-01-27 17:07:36 +01:00
Jakub Onderka
5f8d979877
chg: [export] NidsExport code cleanup
2024-01-27 16:06:31 +01:00
Jakub Onderka
098d95545b
fix: [export] Skip empty objects
2022-09-27 08:45:27 +02:00
Jakub Onderka
948c6f2b0a
chg: [internal] Mark NidsExport class as abstract
2022-09-22 14:44:58 +02:00
Johannes Bader
e6d039ede8
fixes issue 6379
2022-08-11 17:48:18 +02:00
Sami Mokaddem
4ab4121d05
Merge remote-tracking branch 'origin/develop' into emmekappa86-feature-snort-rule-from-network-connection
2022-06-29 12:37:50 +02:00
Johannes Bader
27e6c60b89
Fixes issue #6379
...
The NIDS export creates two rules for attributes with type 'email' (a
src and dst rule). However, the same SID was used for both rules. Since
SIDs must be unique for a ruleset, this will be logged as an error by
Suricata and the rule is not loaded (see issue #6379).
This fixes the issue by incrementing the SID before creating the second
email rule.
2022-06-07 21:23:02 +02:00
Marco Caselli
653fe1c901
Fixed indentation
2021-10-01 11:21:49 +02:00
Marco Caselli
0180da6b57
Fixing mistake ("data" -> "event")
2021-10-01 11:17:02 +02:00
Marco Caselli
a04694a5b4
Code polishing
2021-09-15 12:59:19 +02:00
Marco Caselli
e71e46c118
fixes + ddos object handling
2021-09-15 12:34:26 +02:00
Marco Caselli
3e88fe35d7
new: update to handle network connection objects
2021-06-22 08:18:56 +02:00
Alex Resnick
8519f0c968
#6355 Create JA3 Hash Suricata Rules
2020-12-11 08:07:57 -06:00
iglocska
34d186a2dc
chg: [nids] added email type
2020-09-03 12:05:00 +02:00
garanews
85c28ce36e
Fix some typos
2019-10-04 13:02:59 +02:00
Richard van den Berg
9da8ed86c5
Fix errors on NIDS export when whitelist is empty
2019-07-17 12:46:43 +02:00
Richard van den Berg
22cc03bb23
Match EDNS packets with snort rules
2019-05-17 14:34:18 +02:00
iglocska
2e7dfc9273
new: [API] Correctly handle objects in flat exports and exposed text export to event level search
2018-09-14 14:34:01 +02:00
iglocska
7c3ddacd1e
new: [API] NIDS exports now correctly support event and attribute level exports
...
- also, suricata/snort rules now include both the event and the attribute tags in the metadata
2018-09-03 17:50:08 +02:00
iglocska
a000d86f85
new: [API] Made the NIDS export compatible with the new API
2018-08-30 21:56:00 +02:00
iglocska
a81894f14c
chg: [CS] Changed to PSR-2
...
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
Andras Iklody
eef8b55120
Merge pull request #2128 from deloittem/2.4
...
Snort attribute generation rule now contains the initial msg field
2017-05-09 10:46:47 +02:00
Ángel González
926895733b
Cosmetic changes
...
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
deloittem
5c2bc871ca
Update rule generation for attribute snort: generated rule now contains the initial snort rule msg
2017-04-10 15:57:33 +02:00
Mathieu Deloitte
47bcd264e2
Manage the new attributes IP-SRC|PORT and IP-DST|PORT when exporting NIDS rules
2017-03-22 16:19:32 +01:00
Mathieu Deloitte
59df951071
Only display the tag name if the array contains values (depending on whether the tag is exportable or not)
2017-03-09 08:48:22 +01:00
Mathieu Deloitte
27b2effffd
Add the attribute tags to the msg field (Suricata rule) to make sorting the raised alerts easier
2017-03-08 15:04:45 +01:00
Mathieu Deloitte
98864fb82e
NidsSuricataExport refactoring for attribute *URL*
2017-02-08 14:12:30 +01:00
Armins
4c67f0a2c8
Added fast_pattern
2016-12-07 18:07:12 +02:00
Iglocska
7e75aafc22
fix: Added domain|ip to nids exports
2016-11-09 17:08:06 +01:00
Andreas Ziegler
4b8a82098d
chg: replace 4 spaces after tab by double tab
2016-09-05 00:45:51 +02:00
iglocska
d85fd0d813
fix: Fixed a newly introduced bug that breaks the NIDS exports, as referenced in #1489
2016-09-01 14:44:03 +02:00
iglocska
8f528ae881
fix: Removed incorrect uses of pass by reference, fixes #1472
2016-08-24 09:50:19 +02:00
Andreas Ziegler
c1eda1e04b
remove single spaces after tabs
2016-06-04 01:54:19 +02:00
Andreas Ziegler
dc0974a55b
misc cleanup
2016-05-21 05:10:49 +02:00
Iglocska
684be69ed0
Incremental export generation for HIDS and NIDS exports
...
- Instead of fetching all events at once for the export, events are fetched one by one
- Greatly reduces memory footprint (it now mostly depends on the event with the most eligible attributes, instead of the combined list of all events)
- Because of the lower memory usage, the time taken for the export is also slashed to a fragment of what it was before
2015-07-20 16:25:16 +02:00
iglocska
b178358f2a
Default config.php added
2014-09-10 11:48:48 +02:00
Christophe Vandeplas
f4e6e3fb12
regex bugfix in the ids export + suricata export using dns keyword
2014-07-29 14:28:34 +02:00
iglocska
22c8105f58
Mass replace of the old CyDefSig name to MISP - fixes #82
2014-02-05 15:01:26 +01:00
iglocska
50f3fa40d0
Merge branch 'develop' into feature/CakeResque
...
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
iglocska
48383fe25b
Next version of exports done
2013-11-19 11:03:30 +01:00