gonids
gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum...
OSS-Fuzz has found a bug in this project. Please see https://oss-fuzz.com/testcase?key=5115516607397888 for details and reproducers. This issue is mirrored from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49328 and will auto-close if the status changes there. If...
I use the version github.com/google/gonids v0.0.0-20211022205232-4d00a2956aaa, and when using function gonids.ParseRule(resp.Snort) to parse our Snort rule, it returns error "rpc error: code = Unknown desc = invalid special characters escaping"....
Many examples in OISF ruleset[0] (primarily stream-event, app-layer-event, decoder-event etc.) Probably most of these can just be tags? Documentation is rather sparse on some of these. [0] https://github.com/OISF/suricata/tree/master/rules
From issue #154 @satta notes: > There are other issues with parsing ETPRO at the moment, such as missing support for noalert without values in some places, [transformations](https://suricata.readthedocs.io/en/latest/rules/transforms.html) (such as...
Hi @duanehoward, I recently reached out via e-mail in regards to a PR I'd like to know if you'd find useful. Basically some additional validations, such as: * action keyword...
Hi, referring to network examples in these sections of docs: - [IPs](https://suricata.readthedocs.io/en/latest/rules/intro.html#source-and-destination) - [ports](https://suricata.readthedocs.io/en/latest/rules/intro.html#ports-source-and-destination) --------- ### Negated lists ``` s := `alert tcp any any -> any ![80,443,9000] (msg:"test"; content:"123";...
While looking through the code, I noticed that the lexer runs its main loop in its own goroutine: ```go func lex(input string) (*lexer, error) { ... l := &lexer{ input: input,...
Hello, I have a question about base64_decode: when I have a rule such as: `alert http any any -> any any (msg:"this is test", flow:established, to_server; http.request_body; content:"test"; fast_pattern; base64_decode:...
OSS-Fuzz has found a bug in this project. Please see https://oss-fuzz.com/testcase?key=4681913472516096 for details and reproducers. This issue is mirrored from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54867 and will auto-close if the status changes there. If...
OSS-Fuzz has found a bug in this project. Please see https://oss-fuzz.com/testcase?key=6648561149739008 for details and reproducers. This issue is mirrored from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385865975 and will auto-close if the status changes there. If...