upstream/suricata
1
0
Fork 0
mirror of https://github.com/OISF/suricata.git synced 2026-05-04 17:26:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 29
suricata/rules
History
Victor Julien 1732257923
Some checks are pending
builds / Prepare dependencies (push) Waiting to run
Details
builds / Prepare cbindgen (push) Waiting to run
Details
builds / AlmaLinux 10 (schema, plugins) (push) Blocked by required conditions
Details
builds / AlmaLinux 9 (schema, rust-checks) (push) Blocked by required conditions
Details
builds / AlmaLinux 9 Test Templates (push) Blocked by required conditions
Details
builds / Build RPMs (push) Blocked by required conditions
Details
builds / AlmaLinux 8 (push) Blocked by required conditions
Details
builds / CentOS Stream 9 (push) Blocked by required conditions
Details
builds / Fedora 43 (Suricata Verify codecov) (push) Blocked by required conditions
Details
builds / Fedora 43 (clang, debug, asan, wshadow, rust-strict, systemd) (push) Blocked by required conditions
Details
builds / Fedora 43 (gcc, debug, flto, asan, wshadow, rust-strict) (push) Blocked by required conditions
Details
builds / Fedora (non-root, debug, clang, asan, wshadow, rust-strict, no-ja) (push) Blocked by required conditions
Details
builds / AlmaLinux 9 (no jansson) (push) Blocked by required conditions
Details
builds / AlmaLinux 9 (Minimal/Recommended Build) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (cocci) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (RUSTC+CARGO vars) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (unittests coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (unix socket mode coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (afpacket and dpdk coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (pcap unix socket ASAN) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (afpacket IPS tests in namespaces) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (afpacket and dpdk live tests with ASAN) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (fuzz corpus coverage) (push) Blocked by required conditions
Details
builds / Coveralls finish (push) Blocked by required conditions
Details
builds / Ubuntu 20.04 (-DNDEBUG) (push) Blocked by required conditions
Details
builds / Ubuntu 20.04 (unsupported rust) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Debug Validation) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Fuzz) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Netmap build) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Minimal/Recommended Build) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (DPDK Build) (push) Blocked by required conditions
Details
builds / Debian 12 (xdp) (push) Blocked by required conditions
Details
builds / Debian 13 (xdp) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 Dist Builder (push) Blocked by required conditions
Details
builds / Debian 12 MSRV (push) Blocked by required conditions
Details
builds / Debian 11 (push) Blocked by required conditions
Details
builds / MacOS Latest (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (NPcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (libpcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 UCRT64 (libpcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (WinDivert) (push) Blocked by required conditions
Details
builds / PF_RING (push) Blocked by required conditions
Details
CodeQL (Rust/C) / Analyze (push) Waiting to run
Details
Nix Env Build / tests (push) Waiting to run
Details
Scan-build / Scan-build (push) Waiting to run
Details
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
Details
ldap: add rules file to dist
2026-03-11 08:26:00 +01:00
..
app-layer-events.rules src: doc: remove more double-space typos 2026-01-14 12:49:11 +00:00
decoder-events.rules decoder/igmp: add decoder events 2026-03-01 06:45:44 +00:00
dhcp-events.rules dhcp: add dhcp app-layer rules file 2018-06-16 06:42:28 -06:00
dnp3-events.rules dnp3: bound the maximum number of objects per tx 2026-01-08 15:52:57 +01:00
dns-events.rules dns: improved handling of corrupt additionals 2025-01-10 09:16:34 +01:00
enip-events.rules enip: convert to rust 2024-06-07 13:54:22 +02:00
files.rules rules: spelling 2023-05-06 14:50:43 +02:00
ftp-events.rules ftp: add events for command too long 2023-01-26 15:51:54 +01:00
http-events.rules src: doc: remove more double-space typos 2026-01-14 12:49:11 +00:00
http2-events.rules http2: bound number of http2 frames per tx 2026-03-10 16:52:59 +01:00
ipsec-events.rules rules/ike: fix ike event names that have changed 2024-11-05 11:40:00 +01:00
kerberos-events.rules Kerberos 5: rename weak crypto to weak encryption, and log it 2018-06-13 10:25:40 +02:00
ldap-events.rules ldap: add ldap.rules file 2026-03-10 14:43:47 +01:00
Makefile.am ldap: add rules file to dist 2026-03-11 08:26:00 +01:00
mdns-events.rules rules: add mdns rules 2025-06-21 21:32:53 +02:00
modbus-events.rules rules/modbus: remove rule for event that not longer exists 2024-11-05 11:40:00 +01:00
mqtt-events.rules mqtt: raise event on parse error 2022-04-08 22:58:27 +02:00
nfs-events.rules nfs: limits the number of active transactions per flow 2022-02-16 14:24:37 +01:00
ntp-events.rules Add event rules for NTP events 2017-06-27 16:52:23 +02:00
pgsql-events.rules pgsql: add events 2025-02-19 09:21:37 +01:00
pop3-events.rules pop3: fix event rule 2025-06-05 19:14:34 +02:00
quic-events.rules quic: handle fragmented hello over multiple packets 2025-02-19 16:34:12 +01:00
README.md ldap: add ldap.rules file 2026-03-10 14:43:47 +01:00
rfb-events.rules rfb: never return error on unknown traffic 2023-06-27 09:44:59 +02:00
smb-events.rules smb: checks against nbss records length 2023-02-10 18:04:20 +01:00
smtp-events.rules src: doc: remove more double-space typos 2026-01-14 12:49:11 +00:00
ssh-events.rules rules: add SSH decoder events rules 2020-05-22 08:40:01 +02:00
stream-events.rules stream: add TCP urgent handling options 2024-12-11 14:50:39 +01:00
tls-events.rules src: doc: remove more double-space typos 2026-01-14 12:49:11 +00:00
websocket-events.rules app-layer: websockets protocol support 2024-04-17 07:17:02 +02:00

README.md

Suricata Reserved SID Allocations

Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.

Components

Component Start End
Decoder 2200000 2200999
Stream 2210000 2210999
Generic App-Layer 2260000 2260999

App-Layer Protocols

Protocol Start End
SMTP 2220000 2220999
HTTP 2221000 2221999
NTP 2222000 2222999
NFS 2223000 2223999
IPsec 2224000 2224999
SMB 2225000 2225999
Kerberos 2226000 2226999
DHCP 2227000 2227999
SSH 2228000 2228999
MQTT 2229000 2229999
TLS 2230000 2230999
QUIC 2231000 2231999
FTP 2232000 2232999
POP3 2236000 2236999
LDAP 2237000 2237999
DNS 2240000 2240999
PGSQL 2241000 2241999
mDNS 2242000 2242999
MODBUS 2250000 2250999
DNP3 2270000 2270999
HTTP2 2290000 2290999