├── .github ├── pull_request_template.md └── workflows │ └── builds.yml ├── .gitignore ├── LICENSE.txt ├── README.md ├── check-eve.py ├── clean.sh ├── createst.py ├── etc ├── classification.config ├── reference.config ├── suricata-3.1.2.yaml └── suricata-4.0.3.yaml ├── eve-validator ├── .gitignore ├── Cargo.lock ├── Cargo.toml └── src │ └── main.rs ├── pcap-check.sh ├── pcapng-check.sh ├── pcaps ├── 20250129-dns-with-additionals.pcap ├── 20250129-dns-with-additionals.pcap.txt ├── 20250221-dns-ptr.pcap ├── 20250221-dns-ptr.pcap.txt ├── 20250224-dns-additionals-with-cname.pcap └── 20250224-dns-additionals-with-cname.txt ├── requirements.txt ├── run.py ├── tests ├── 7858-stream-events │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-distance-within-1 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-max │ ├── alert-max-20 │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── alert-max-append-higher-priority │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ └── alert-max-default │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py ├── alert-no-3whs-established │ ├── no-3whs.pcap │ ├── test.rules │ └── test.yaml ├── alert-testmyids-async │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── alert-testmyids-frames │ ├── default.yaml │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-testmyids-midstream │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── alert-testmyids-midstream3 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-testmyids-midstream5 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-testmyids-not-established │ ├── README.md │ ├── default.yaml │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── alert-testmyids │ ├── default.yaml │ ├── 
suricata.yaml │ ├── test.rules │ └── test.yaml ├── app-layer-template │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── base64-decode-5885 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── base64-issue-5223-6 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── base64-issue-5223 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── base64 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bittorrent-dht │ ├── input.pcap │ └── test.yaml ├── bpf-command-line │ ├── test.rules │ └── test.yaml ├── bug-1045 │ ├── smtp.rules │ ├── smtpsuricataflowbitsFN.pcap │ └── test.yaml ├── bug-130 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-1401-01 │ ├── 1.rules │ └── test.yaml ├── bug-1401-02 │ ├── 2.rules │ └── test.yaml ├── bug-1401-03 │ ├── 1.rules │ ├── 80000000-037-PTP_Example_IPv4_HTTP_Session-PUBLIC-tp-01.pcap │ └── test.yaml ├── bug-1401-04 │ ├── 2.rules │ └── test.yaml ├── bug-1449-01 │ ├── README.md │ ├── smtp-events.rules │ ├── suricata_stackoverflow.pcap │ └── test.yaml ├── bug-1450-02 │ ├── README.md │ ├── test.yaml │ └── tls-events.rules ├── bug-1450-03 │ ├── README.md │ ├── test.yaml │ └── tls-events.rules ├── bug-1450-04 │ ├── README.md │ ├── test.yaml │ ├── tls-events.rules │ └── tls_DER-incomplete-header.pcap ├── bug-1450-05 │ ├── README.md │ ├── test.yaml │ ├── tls-events.rules │ └── tls_DER-incomplete-content.pcap ├── bug-2158 │ ├── dns.rules │ ├── public-ex1_section8_Sofacy.pcap │ └── test.yaml ├── bug-2190 │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── threshold.config ├── bug-2430 │ ├── backwards.pcap │ └── test.yaml ├── bug-2482-01 │ ├── proxyCONNECT_443.pcap │ ├── test.rules │ └── test.yaml ├── bug-2491-01 │ ├── async-oneside-test.rules │ ├── simple_http_download.onesided.pcap │ └── test.yaml ├── bug-2491-02 │ ├── async-oneside-test.rules │ ├── simple_http_download.onesided.nosyn.pcap │ ├── suricata.yaml │ └── test.yaml ├── bug-2511 │ ├── 1.rules │ ├── 
response_identity_identity_gzip_identity_gzip_gzip.pcap │ └── test.yaml ├── bug-2512 │ ├── sample_10.62.112.41_62227.pcap │ └── test.yaml ├── bug-2558-01 │ ├── 1.rules │ └── test.yaml ├── bug-2558-02 │ ├── 1.rules │ ├── 2008.mp4.pcap │ └── test.yaml ├── bug-2576-01-ips │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-01 │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-02-ips │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp1.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-02 │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp1.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-03-ips │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-03 │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-04-ips │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2576-04 │ ├── md5list.2576 │ ├── suricata.yaml │ ├── temp6.pcap │ ├── test.rules │ └── test.yaml ├── bug-2646-01 │ ├── input.pcap │ └── test.yaml ├── bug-2646-02 │ ├── input.pcap │ └── test.yaml ├── bug-2736-01 │ ├── 23_6594.pcap │ ├── test.rules │ └── test.yaml ├── bug-2736-02 │ ├── suricata.0400.pcap │ ├── test.rules │ └── test.yaml ├── bug-2769 │ ├── README │ ├── issue_no_icmp.pcap │ ├── test.rules │ └── test.yaml ├── bug-28 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-2917 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-3286-01-no-evasion │ ├── test.rules │ ├── test.yaml │ └── without_evasion.pcap ├── bug-3286-02-linux-evasion │ ├── test.rules │ ├── test.yaml │ └── with_evasion_linux.pcap ├── bug-3286-03-windows-evasion │ ├── test.rules │ ├── test.yaml │ └── with_evasion_windows.pcap ├── bug-3463 │ ├── test.rules │ └── test.yaml ├── bug-3490 │ ├── test.rules │ └── test.yaml ├── bug-3515 │ ├── test.rules │ └── test.yaml ├── 
bug-3519 │ ├── input.pcap │ └── test.yaml ├── bug-3616-ips │ ├── input.pcap │ ├── input.rules │ └── test.yaml ├── bug-3616-smtp │ ├── input.pcap │ ├── input.rules │ └── test.yaml ├── bug-3616-urldecode │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-3616 │ ├── input.rules │ └── test.yaml ├── bug-3844 │ ├── input.pcap │ ├── test.yaml │ └── writepcap.py ├── bug-4199-2 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-4199-3 │ ├── test.rules │ └── test.yaml ├── bug-4199-4 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-4199 │ ├── test.rules │ └── test.yaml ├── bug-4376 │ ├── README.md │ ├── syn_retransmit_with_ts.pcap │ ├── test.rules │ └── test.yaml ├── bug-4394-pdonly-drop │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4503 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-4571-01 │ ├── README.md │ ├── ipv4_over_ipv4.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-02 │ ├── README.md │ ├── ipv6.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-03-pre-8 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-03 │ ├── README.md │ ├── ipv6_over_ipv6.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-04 │ ├── README.md │ ├── ipv6_over_ipv4.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-05 │ ├── README.md │ ├── ipv4.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-06-pre-8 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4571-06 │ ├── README.md │ ├── ipv4_over_ipv6.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4623 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-4663-02 │ ├── icmp.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4663-03 │ ├── icmp_and_ssh.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4663 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── 
bug-4702-01 │ ├── input.pcap │ ├── test.yaml │ └── writepcap.py ├── bug-4702-02 │ ├── README.md │ ├── test.yaml │ └── tsecr.pcap ├── bug-4810 │ ├── README.md │ ├── pppoe-session-http.pcap │ ├── suricata.yaml.bkp │ └── test.yaml ├── bug-4877 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-4903 │ ├── bug-4903-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-4903-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-4903-03 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── bug-4903-04 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml ├── bug-4953 │ ├── README.md │ ├── file76.pcap │ └── test.yaml ├── bug-5066-iponly-cidr-ordering-01 │ ├── suricata.yaml │ ├── test-limit.pcap │ ├── test.rules │ └── test.yaml ├── bug-5066-iponly-cidr-ordering-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5066-iponly-cidr-ordering-03 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5066-iponly-cidr-ordering-04 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5066-iponly-cidr-ordering-05 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5162 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-5197 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-5198 │ ├── README.md │ └── test.yaml ├── bug-5220 │ ├── bug-5220-1 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5220-2 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5220-3 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5220-4 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5220-5 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5220-6 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ └── bug-5220-7 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml ├── bug-5392 │ ├── TPWhite-carved-out-7787-s1.pcap │ 
├── suricata.yaml │ └── test.yaml ├── bug-5437-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-5437-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-5464-verdict-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5464-verdict-02 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5464-verdict-03 │ ├── README.md │ ├── input.rules │ ├── suricata.yaml │ └── test.yaml ├── bug-5464-verdict-04 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5464-verdict-05 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── bug-5464-verdict-06 │ ├── README.md │ ├── input.rules │ ├── suricata.yaml │ └── test.yaml ├── bug-5464-verdict-07 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5486 │ ├── 154.pcap │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── bug-5578-http-dsize-drop │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5633-gre-01 │ ├── gre-udp.pcap │ ├── gre-udp.py │ ├── test.rules │ └── test.yaml ├── bug-5633-gre-02 │ ├── README.md │ ├── gre-sample.pcap │ ├── test.rules │ └── test.yaml ├── bug-5758 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-5780-01-http2-header │ ├── test.rules │ └── test.yaml ├── bug-5802 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5825-midstream-exception-policy │ ├── exception-policy-ids-midstream-disabled-bypass │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ids-midstream-disabled-drop-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-disabled-drop-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-disabled-ignore │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── 
exception-policy-ids-midstream-disabled-pass-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ids-midstream-disabled-pass-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-bypass │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-drop-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-drop-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-ignore │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-pass-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-pass-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ids-midstream-enabled-reject │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-bypass │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-drop-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-drop-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-ignore │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-pass-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-pass-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-disabled-reject │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── 
exception-policy-ips-midstream-enabled-bypass │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-enabled-drop-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-enabled-drop-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── exception-policy-ips-midstream-enabled-ignore │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-enabled-pass-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-ips-midstream-enabled-pass-packet │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ └── exception-policy-ips-midstream-enabled-reject │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml ├── bug-5867-fp-drop-01 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-5881-01 │ ├── input.pcap │ ├── stream-events.rules │ └── test.yaml ├── bug-5929-01 │ ├── 1e3b98e5dad2954.pcap │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-5929-02 │ ├── http2_multiple_headers.pcap │ ├── test.rules │ └── test.yaml ├── bug-6109-reject-policy-ids │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-6149-exception-policy-auto-ids │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-6149-exception-policy-auto-ips │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-6191 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── bug-6207-1 │ ├── README.md │ ├── input.pcap │ ├── invalid-base64-mime.syn │ └── test.yaml ├── bug-6207-2 │ ├── README.md │ ├── input.pcap │ ├── invalid-base64-mime.syn │ ├── suricata.rules │ ├── suricata.yaml │ └── test.yaml ├── bug-6244-tcp-rst-with-data-02 │ ├── tcp-rst-with-data.pcap │ ├── tcp-rst-with-data.py │ ├── test.rules │ └── test.yaml ├── bug-6244-tcp-rst-with-data │ ├── tcp-rst-with-data.pcap │ ├── tcp-rst-with-data.py │ 
├── test.rules │ └── test.yaml ├── bug-6269-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-6269-02-ips │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-6278-1 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── bug-6278-2 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── bug-6402-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-6617 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-6733-syn-packet-flow-output │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-6859 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-6875-01 │ ├── README.md │ ├── fuzz.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-7126 │ ├── README.md │ ├── input.pcap │ ├── input.rules │ └── test.yaml ├── bug-7199 │ ├── README.md │ ├── TLPW-curl-http-suricata.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-7241-01-8plus │ ├── test.rules │ └── test.yaml ├── bug-7241-02-pre8 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-7264-tcp-3whs-ack-data-tls-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7389 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── bug-7390 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7414-decoder-event-01 │ ├── README.md │ ├── decoder-event.rules │ ├── ip_secopt.pcap │ ├── suricata.yaml │ └── test.yaml ├── bug-7414-decoder-event-02-ips │ ├── README.md │ ├── decoder-event.rules │ ├── suricata.yaml │ └── test.yaml ├── bug-7549-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7549-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-7552 │ ├── bug-7552-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── bug-7552-02 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml ├── bug-76 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── bug-7657-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7657-02-ips │ ├── 
input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7725-01 │ ├── README.md │ ├── ip_in_ip.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-7725-02 │ ├── README.md │ ├── ip_in_ip.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-7725-03 │ ├── README.md │ ├── ip_in_ip.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-7725-04 │ ├── README.md │ ├── ip_in_ip.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── bug-78-http-uri │ ├── README │ ├── test.rules │ └── test.yaml ├── bug-78-uricontent │ ├── README │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-7964-01 │ ├── README.md │ ├── editable-ipv4-in-ipv6.txt │ ├── test.rules │ ├── test.yaml │ └── wrong-version-ipv4-ipv6.pcap ├── bug-7964-02 │ ├── README.md │ ├── editable-ip6-in-ip6.txt │ ├── test.rules │ ├── test.yaml │ └── wrong-version-ipv6-ipv6.pcap ├── bug-814 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── bug-docs-5030-01 │ ├── 35_bytes.pcap │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bug-docs-5030-02 │ ├── 39_bytes.pcap │ ├── README.md │ ├── test.rules │ └── test.yaml ├── bypass-depth-disabled │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── bypass-depth-enabled │ ├── README.md │ └── test.yaml ├── bypass-ssh-enabled │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── bypass-tls-disabled │ ├── README.md │ └── test.yaml ├── bypass-tls-enabled │ ├── README.md │ └── test.yaml ├── byte-extract-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── classification-config-validate-01 │ ├── classification.config │ ├── test.rules │ └── test.yaml ├── classification-config-validate-02 │ ├── classification.config │ ├── test.rules │ └── test.yaml ├── community-id-ipv4 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── community-id-ipv6 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── community-id-sameip │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── 
cond-log-dns-dig │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── cond-log-http-testmyids │ ├── test.rules │ └── test.yaml ├── config-includes-array │ ├── README.md │ ├── af-packet.yaml │ ├── suricata.yaml │ └── test.yaml ├── config-includes │ ├── overrides.yaml │ ├── suricata.yaml │ └── test.yaml ├── content-incomplete-hex-t-version-6-strict │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── content-incomplete-hex-t-version-7-init-errors-fatal │ ├── README.md │ ├── empty.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── content-incomplete-hex-t-version-7-plus │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── datajson │ ├── datajson-01-ip │ │ ├── input.pcap │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-02-multiple │ │ ├── host.lst │ │ ├── input.pcap │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-03-jsonline │ │ ├── host.lst │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-04-hashes │ │ ├── badmd5.lst │ │ ├── badsha.lst │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-05-duplicate │ │ ├── host.lst │ │ ├── input.pcap │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-06-remove-key │ │ ├── host.lst │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-07-dataset │ │ ├── host.lst │ │ ├── input.pcap │ │ ├── ip.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-08-invalid-json │ │ ├── input.pcap │ │ ├── ip.lst │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-09-jsonformat │ │ ├── hosts-direct.json │ │ ├── hosts-nested-key.json │ │ ├── hosts-nested.json │ │ ├── hosts.json │ │ ├── input.pcap │ │ ├── src.json │ │ ├── test.rules │ │ └── test.yaml │ ├── datajson-10-remove-nested-key │ │ ├── host.lst │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml │ └── datajson-11-ipv4 │ │ ├── input.pcap │ │ ├── src.lst │ │ ├── test.rules │ │ └── test.yaml ├── datarep-01 │ ├── datarep.rules 
│ ├── dns_string.rep │ ├── input.pcap │ ├── test.yaml │ └── writepcap.py ├── datarep-02 │ ├── datarep.rules │ ├── dns_md5.rep │ ├── dns_sha256.rep │ ├── dns_string.rep │ ├── test.yaml │ └── writepcap.py ├── datarep-03-bad-reputation │ ├── datarep.rules │ ├── dns_md5.rep │ └── test.yaml ├── dataset-hash-collisions │ ├── README.md │ ├── hash-collision-strings │ ├── test.rules │ └── test.yaml ├── datasets-01 │ ├── expected │ │ └── datasets.csv │ ├── test.rules │ └── test.yaml ├── datasets-02-load │ ├── datasets.csv │ ├── test.rules │ └── test.yaml ├── datasets-03-set │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-04-http-dns │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-05-state │ ├── expected │ │ └── state.csv │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-06-state-long │ ├── expected │ │ └── state.csv │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-07-state-ip │ ├── expected │ │ └── state.csv │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-08-state-ipv6 │ ├── expected │ │ └── state.csv │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── datasets-09-load │ ├── datasets-ip.csv │ ├── datasets-ipv4.csv │ ├── test.rules │ └── test.yaml ├── datasets-10-unset │ ├── README.md │ ├── expected │ │ └── after.csv │ ├── test.rules │ ├── test.yaml │ └── unset.pcap ├── datasets-1m-StringSets │ ├── datasets.csv │ ├── test.rules │ └── test.yaml ├── datasets-bug-5109 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── datasets-invalid-encoding │ ├── README.md │ ├── datasets.csv │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── datasets-memcap-01 │ ├── README.md │ ├── datasets.csv │ ├── test.rules │ └── test.yaml ├── datasets-memcap-02 │ ├── README.md │ ├── datasets.csv │ ├── test.rules │ └── test.yaml ├── datasets-pcrexform │ ├── expected │ │ └── uri-param-seen.csv │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── 
datasets-state-isnotset │ ├── README.md │ ├── test.rules │ └── test.yaml ├── datasets │ ├── datarep-bad-datarep-string │ │ ├── datarep.rules │ │ ├── dns_string.rep │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── datarep-bad-datarep-value │ │ ├── datarep.rules │ │ ├── dns_string.rep │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── datarep-datasets-mix │ │ ├── datasets.csv │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-absolute-allowed-pre8 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-absolute-allowed-winonly │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-absolute-allowed │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-absolute-path │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-datarep-mix │ │ ├── datarep.rules │ │ ├── dns_string.rep │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── datasets-deny-save │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── datasets-lua-01 │ │ ├── dataset-lua.rules │ │ ├── dataset.lua │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── datasets-lua-02 │ │ ├── dataset-dns.lua │ │ ├── dataset-lua.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── datasets-parent-path │ │ ├── README.md │ │ ├── one-packet.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── datasets-set-ip │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml ├── dcerpc-issue-7187-01 │ ├── README.md │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── dcerpc-request-http-response │ ├── README.md │ ├── input.pcap │ ├── test.yaml │ └── writepcap.py ├── dcerpc-smb-fail │ ├── README.md │ ├── test.rules │ └── test.yaml ├── dcerpc-smb-test-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── dcerpc │ ├── dce-gap-handling │ │ ├── input.pcap │ │ └── test.yaml │ ├── dce-logging │ │ └── test.yaml │ ├── dcerpc-3109 │ │ ├── 
README │ │ ├── dcerpc.rules │ │ ├── input.pcap │ │ └── test.yaml │ ├── dcerpc-dce-iface-01 │ │ ├── 20171220_smb_psexec_mimikatz_ticket_dump-s2.pcap │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-iface-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-iface-03 │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-iface-04 │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-iface-many │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-opnum │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dce-stub-data │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-dcepayload │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-frames │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dcerpc-udp-scapy │ │ ├── dcerpc_udp_scapy.py │ │ ├── input.pcap │ │ └── test.yaml │ └── zerologon │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml ├── decode-arp-1 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-arp-2 │ ├── README.md │ ├── arp.pcap │ ├── suricata.yaml │ └── test.yaml ├── decode-arp-3 │ ├── README.md │ ├── arp-encap.pcap │ ├── suricata.yaml │ └── test.yaml ├── decode-chdlc-01 │ ├── README.md │ ├── hdlc-http_1tx.pcap │ ├── test.rules │ └── test.yaml ├── decode-chdlc-02 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── decode-dce │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-erspan-typeI-01 │ ├── README.md │ └── test.yaml ├── decode-erspan-typeI-02 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-erspan-typeII-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-etag-01 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-etag-02 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-nsh-type1 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-nsh-type2 │ ├── README.md │ ├── input.pcap │ ├── 
test.rules │ └── test.yaml ├── decode-sctp-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-sll2-01 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-sll2-02 │ ├── README.md │ ├── input.pcap │ ├── input.rules │ ├── suricata.yaml │ └── test.yaml ├── decode-teredo-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-too-many-layers │ ├── README.md │ ├── ethmpls.py │ ├── input.pcap │ └── test.yaml ├── decode-too-small │ ├── README.md │ ├── test.pcap │ ├── test.py │ ├── test.rules │ └── test.yaml ├── decode-unknown-1 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── decode-unknown-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── decode-vntag-01 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── decode-vntag-02 │ ├── README.md │ └── test.yaml ├── defrag │ ├── bug-6887-defrag-eth-vlan-ipv4-tcp-syn │ │ ├── frag-eth-vlan-ip-tcp-syn.pcap │ │ ├── frag-eth-vlan-ip-tcp-syn.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-6887-defrag-eth-vlan-ipv6-tcp │ │ ├── frag-eth-vlan-ipv6-tcp.pcap │ │ ├── frag-eth-vlan-ipv6-tcp.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-6887-defrag-ipv4-tcp-syn │ │ ├── frag-ip-tcp-syn.pcap │ │ ├── frag-ip-tcp-syn.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-6887-defrag-ipv6-tcp │ │ ├── frag-ip-tcp.pcap │ │ ├── frag-ip-tcp.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-6887-defrag-ppp-ipv4-tcp-syn │ │ ├── frag-ppp-ip-tcp-syn.pcap │ │ ├── frag-ppp-ip-tcp-syn.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-6887-defrag-ppp-ipv6-tcp │ │ ├── frag-ip-tcp.py │ │ ├── frag-ppp-ipv6-tcp.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── bug-6942-6887-defrag-eth-ip-gre-ppp-ip-udp-data │ │ ├── eth-ip-gre-ppp-max-ip-packet.pcap │ │ ├── eth-ip-gre-ppp-max-ip-packet.py │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml 
├── detect-absent-file-multi │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-absent-http-request-body │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-absent-negated-content │ ├── README.md │ ├── no_referer.pcap │ ├── test.rules │ └── test.yaml ├── detect-app-layer-protocol-01 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-app-layer-protocol-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-app-layer-protocol-03 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-app-layer-protocol-04 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-app-layer-protocol-05 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-app-layer-state-01 │ ├── test.rules │ └── test.yaml ├── detect-bidir-flowbits │ ├── README.md │ ├── input.pcap │ ├── server.go │ ├── test.rules │ └── test.yaml ├── detect-bidir-impossible │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bidir-ja3 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bidir │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bsize-0 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bsize-01 │ ├── test.rules │ └── test.yaml ├── detect-bypass-udp │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bypass │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-bytejump-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bytejump-02 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bytejump-03 │ ├── test.rules │ └── test.yaml ├── detect-bytejump-05 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bytemath-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-bytemath-02 │ ├── test.rules │ └── test.yaml ├── detect-bytemath-05 │ ├── test.rules │ └── test.yaml ├── detect-bytemath-06 │ ├── test.rules │ └── test.yaml ├── 
detect-bytemath-add-04 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bytemath-div-01 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bytemath-mult-04 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bytemath-sub-03 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bytetest-01 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-bytetest-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-bytetest-03 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-bytetest-04 │ ├── README.md │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-bytetest-05 │ ├── test.rules │ └── test.yaml ├── detect-chksum-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-chksum-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-compress_whitespace-01 │ ├── input.rules │ └── test.yaml ├── detect-compress_whitespace-02 │ ├── input.rules │ └── test.yaml ├── detect-content-ends-with-negated-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-content-ends-with-negated-02 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-content-ends-with-negated-03 │ ├── test.rules │ └── test.yaml ├── detect-content-strip-whitespace-01 │ ├── test.rules │ └── test.yaml ├── detect-dotprefix-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-dotprefix-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-dotprefix-03 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-email-body_md5-auto │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── detect-email-body_md5-disabled │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-body_md5 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-cc │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-email-date │ 
├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-from │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-email-msg-id │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-received │ ├── Makefile │ ├── README.md │ ├── input.pcap │ ├── smtp.syn │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-subject │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-email-to │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-email-url │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-email-x-mailer │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-engine-proto │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-filestore-config-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-filestore-config-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-filestore-config-03 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-filestore-config-04 │ ├── suricata.yaml │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── detect-flow-pkts-either │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-flow-pkts │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-flowbits │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-ftp │ ├── ftp-active-dynamic_port-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-active-dynamic_port-02 │ │ ├── Makefile │ │ ├── README.md │ │ ├── ftp-active-dynamic_port.pcap │ │ ├── ftp-active-dynamic_port.syn │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-command-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-command-02 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-command-data-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-completion-code-01 │ │ ├── README.md │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-mode-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-mode-02 │ │ ├── 
input.pcap │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-mode-03 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-passive-dynamic_port-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-passive-dynamic_port-02 │ │ ├── Makefile │ │ ├── ftp-passive-dynamic_port.pcap │ │ ├── ftp-passive-dynamic_port.syn │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-reply-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-reply-received-01 │ │ ├── input.rules │ │ └── test.yaml │ ├── ftp-reply-received-02 │ │ ├── input.rules │ │ └── test.yaml │ └── ftp-reply-received-03 │ │ ├── input.rules │ │ └── test.yaml ├── detect-hostbits │ ├── detect-hostbits-01 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-hostbits-02 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ └── detect-hostbits-03 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py ├── detect-http-uri │ ├── DetectEngineHttpRawUriTest01 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest02 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest03 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest04 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest05 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest06 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest07 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest08 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest09 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest10 │ │ ├── README.md 
│ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest11 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest12 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest13 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest14 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest15 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest16 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest21 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest22 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest23 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest24 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest25 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest26 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest27 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest28 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest29 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── DetectEngineHttpRawUriTest30 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig01 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig02 │ │ ├── README.md │ │ ├── 
test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig03 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig04 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig05 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig06 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig07 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig08 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig09 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig12 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig13 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig14 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig15 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig16 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig17 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig18 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig19 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig20 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig21 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig22 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig23 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig24 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig25 │ │ ├── 
README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig26 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig27 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig28 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig29 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig30 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig31 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig32 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig33 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig34 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig35 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig36 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── UriTestSig37 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── UriTestSig38 │ │ ├── README.md │ │ ├── test.fpc.pcap │ │ ├── test.rules │ │ └── test.yaml ├── detect-icmp-id-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-icmp-id-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-icmp-seq │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-ip_proto-01 │ ├── test.rules │ └── test.yaml ├── detect-ipopts-02 │ ├── README │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-ipopts │ ├── README │ ├── input.pcap │ ├── ipopt.py │ ├── test.rules │ └── test.yaml ├── detect-itype-prefilter │ ├── icmpv4-ping.pcap │ ├── test.rules │ └── test.yaml ├── detect-itype │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-ldap-attribute │ ├── 
README.md │ ├── test.rules │ └── test.yaml ├── detect-ldap-dn │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-ldap-operation │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-ldap-result │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ ├── test.rules │ └── test.yaml ├── detect-pcre │ ├── detect-pcre-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-pcre-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.t │ ├── detect-pcre-03 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-pcre-04 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-pcre-05 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ └── detect-pcre-06 │ │ ├── test.rules │ │ └── test.yaml ├── detect-pcrexform-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── detect-pcrexform-02 │ ├── test.rules │ └── test.yaml ├── detect-pcrexform-04 │ ├── test.rules │ └── test.yaml ├── detect-pcrexform-05 │ ├── test.rules │ └── test.yaml ├── detect-pcrexform-06 │ ├── test.rules │ └── test.yaml ├── detect-strip_whitespace-01 │ ├── input.rules │ └── test.yaml ├── detect-strip_whitespace-02 │ ├── input.rules │ └── test.yaml ├── detect-to_lowercase-01 │ ├── input.rules │ └── test.yaml ├── detect-to_lowercase-02 │ ├── input.rules │ └── test.yaml ├── detect-to_uppercase-01 │ ├── input.rules │ └── test.yaml ├── detect-to_uppercase-02 │ ├── input.rules │ └── test.yaml ├── detect-ttl-ipv6 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-ttl │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-udp-flow-rule-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-udp-flow-rule-02-ips │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── detect-udp-flow-rule-02 │ ├── suricata.yaml │ ├── test.rules │ 
└── test.yaml ├── detect-vlan-id │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── detect-vlan-layers │ ├── README.md │ ├── test.rules │ └── test.yaml ├── detect-xor │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── xor.py ├── dhcp-eve-extended-option-60 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── dhcp-eve-extended │ ├── input.pcap │ ├── min7.rules │ ├── suricata.yaml │ └── test.yaml ├── dhcp-request-flood │ ├── README.md │ ├── suricata.yaml │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── dnp3 │ ├── dnp3-del-measure │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-dnp3_data-alert │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dnp3-dnp3_func-alert │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dnp3-dnp3_obj-alert │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dnp3-en-spon │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-eve │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-file-del │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-file-read │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-file-write │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-ind-keyword │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dnp3-lua │ │ ├── README.md │ │ ├── rule.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dnp3-select-operate │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dnp3-toclient-start │ │ ├── README.md │ │ ├── dnp3_toclient_start.pcap │ │ └── test.yaml │ └── dnp3-write │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml ├── dns-eve-type-filtering │ 
├── suricata.yaml │ ├── test.pcap │ └── test.yaml ├── dns-eve-v2-udp-nxdomain-soa │ ├── README.md │ ├── dns-udp-nxdomain-soa.pcap │ ├── suricata.yaml │ └── test.yaml ├── dns-lua-rules-pre8 │ ├── suricata.yaml │ ├── test-request.lua │ ├── test-response.lua │ ├── test-rrname.lua │ ├── test.rules │ └── test.yaml ├── dns-lua-rules │ ├── test-request.lua │ ├── test-response.lua │ ├── test-rrname.lua │ ├── test.rules │ └── test.yaml ├── dns-opcode │ ├── README.md │ ├── dns-notify.pcap │ ├── test.rules │ └── test.yaml ├── dns-over-http2-limit │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── dns-over-http2-post │ ├── README.md │ ├── dns_over_https_POST.pcap │ └── test.yaml ├── dns-over-http2 │ ├── README.md │ ├── dns_over_https.pcap │ ├── test.rules │ └── test.yaml ├── dns-reversed-tcp-1 │ ├── dns.pcap │ ├── suricata.yaml │ └── test.yaml ├── dns-reversed-udp-1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── dns-tcp-ts-gap │ ├── README.md │ ├── input.pcap │ ├── original.pcap_ │ ├── suricata.yaml │ └── test.yaml ├── dns-udp-junkrequest-first │ ├── README.md │ ├── client.py │ ├── input.pcap │ └── test.yaml ├── dns-udp-nxdomain-soa │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── dns-udp-z-flag-fp │ ├── README.md │ ├── dns-events.rules │ ├── suricatafpdnsdecoder.pcap │ └── test.yaml ├── dns │ ├── bug-1158 │ │ ├── input.pcap │ │ └── test.yaml │ ├── bug-856 │ │ └── test.yaml │ ├── bug-990 │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-additionals-rdata │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-additionals-rrname │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-answer-emptydata │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-answer-name │ │ ├── README.md │ │ ├── dns-udp-request-with-answer.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-corrupt-additionals │ │ ├── README.md │ │ ├── dns-events.rules │ │ ├── input.pcap │ │ └── test.yaml │ ├── 
dns-dcerpc-reversed │ │ ├── input.pcap │ │ └── test.yaml │ ├── dns-eve-empty-format │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-eve-log-https-only │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.pcap │ │ └── test.yaml │ ├── dns-eve │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-frames │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-incomplete │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.txt │ │ ├── test.rules │ │ ├── test.yaml │ │ └── txt2pcap.py │ ├── dns-invalid-opcode │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-ptr │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-query-name │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-query │ │ ├── dns-detect-query-01 │ │ │ ├── README.md │ │ │ ├── input.pcap │ │ │ ├── test.rules │ │ │ └── test.yaml │ │ ├── dns-detect-query-02 │ │ │ ├── README.md │ │ │ ├── input.pcap │ │ │ ├── test.rules │ │ │ └── test.yaml │ │ ├── dns-detect-query-03 │ │ │ ├── README.md │ │ │ ├── input.pcap │ │ │ ├── test.rules │ │ │ └── test.yaml │ │ ├── dns-detect-query-04 │ │ │ ├── README.md │ │ │ ├── input.pcap │ │ │ ├── test.rules │ │ │ └── test.yaml │ │ └── dns-detect-query-05 │ │ │ ├── README.md │ │ │ ├── input.pcap │ │ │ ├── test.rules │ │ │ └── test.yaml │ ├── dns-rcode │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-response-mx │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-response-rrname-sticky-buffer │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-rrtype-index │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-rrtype │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-single-request │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-sshfp │ │ ├── README.md │ │ ├── dns-sshfp.pcap │ │ └── test.yaml │ ├── dns-tcp-multirequest-buffer │ │ ├── README │ │ ├── 
dns-tcp-multirequest-buffer.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-tcp-www-google-com │ │ ├── README.md │ │ ├── dns.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-truncated-rname │ │ ├── README.md │ │ ├── poc2.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── dns-udp-double-request-response │ │ ├── README.txt │ │ ├── dns-udp-double-request-response.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-dig │ │ ├── README.md │ │ └── test.yaml │ ├── dns-udp-eve-log-aaaa-only │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-log-answer-only │ │ ├── dns-udp-google.com-a-aaaa-mx.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-log-mx-only │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-log-query-only │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-log-srv │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-eve-txt │ │ ├── input.pcap │ │ └── test.yaml │ ├── dns-udp-null │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-udp-unsolicited-response │ │ ├── README.md │ │ ├── dns-response-2x.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── dns-z-bit │ │ ├── dns-events.rules │ │ ├── input.pcap │ │ └── test.yaml │ ├── task-7018-dns-ips-stream-rule │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── task-7018-ids-dns-keywords │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── task-7018-ids-dns-stream-rule │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── task-7018-ips-dns-keywords │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ └── v2 │ │ ├── bug-1158 │ │ └── test.yaml │ │ ├── bug-856 │ │ └── test.yaml │ │ ├── bug-990 │ │ ├── test.rules │ │ └── test.yaml │ │ ├── dns-eve-log-https-only │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.pcap │ │ └── test.yaml │ │ ├── dns-eve │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-incomplete │ │ ├── README.md │ │ 
├── test.rules │ │ └── test.yaml │ │ ├── dns-invalid-opcode │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ │ ├── dns-single-request │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-tcp-multirequest-buffer │ │ ├── README │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-tcp-www-google-com │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-double-request-response │ │ ├── README.txt │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-dig │ │ ├── README.md │ │ └── test.yaml │ │ ├── dns-udp-eve-log-aaaa-only │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-log-answer-only │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-log-mx-only │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-log-query-only │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-log-srv │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-eve-txt │ │ ├── input.pcap │ │ └── test.yaml │ │ ├── dns-udp-null │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── dns-udp-unsolicited-response │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ │ └── dns-z-bit │ │ ├── dns-events.rules │ │ ├── input.pcap │ │ └── test.yaml ├── domain-keyword │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── drop-protocol-change │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── droped-flow-applayer-event-logged-dcerpc │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── droped-flow-applayer-event-logged-http │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── droped-flow-applayer-event-logged-smb │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── elephant-flow-tracking │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── engine-state │ ├── detect-engine-state-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.t │ │ ├── test.rules │ │ └── test.yaml │ ├── 
detect-engine-state-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.t │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── detect-engine-state-03 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.t │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── detect-engine-state-04 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.t │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── detect-engine-state-05 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.t │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── htptopcap.py ├── enip-alert │ ├── README.md │ ├── enip_test1.pcap │ ├── test.rules │ └── test.yaml ├── enip-frames │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── enip-keywords-suricata8 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── enip-keywords │ ├── README.md │ ├── enip_cip_example.pcap │ ├── test.rules │ └── test.yaml ├── enip-log-identity │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── enip-stats-udp │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── entropy │ ├── entropy-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── entropy-03 │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml ├── ethernet-eve │ ├── suricata.yaml │ ├── test.pcap │ └── test.yaml ├── eve-alert-metadata-defaults │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-alert-metadata-enable-rule │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-alert-metadata-off │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-flow-esp │ ├── input.pcap │ ├── suricata.yaml │ ├── test.yaml │ └── writepcap.py ├── eve-flow-vlan-02 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.yaml │ └── writepcap.py ├── eve-flow-vlan │ ├── input.pcap │ ├── suricata.yaml │ ├── test.yaml │ └── writepcap.py ├── eve-ip-version-4 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-ip-version-6 │ ├── README.md 
│ ├── test.rules │ └── test.yaml ├── eve-metadata-01-alert │ ├── 1.rules │ ├── 80000000-037-PTP_Example_IPv4_HTTP_Session-PUBLIC-tp-01-TEST1.pcap │ └── test.yaml ├── eve-metadata-02-pass │ ├── 1.rules │ └── test.yaml ├── eve-metadata-03-noalert │ ├── 1.rules │ └── test.yaml ├── eve-metadata-04-flowvar │ ├── 1.rules │ └── test.yaml ├── eve-metadata │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ └── testmyids.pcap ├── eve-overlap-payload-01 │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.py │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-overlap-payload-02-policy-oldlinux │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-overlap-payload-03-ips │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-overlap-payload-04-partial-overlap │ ├── suricata.yaml │ ├── tcp-overlap.rules │ ├── tcp-overlap2.pcap │ └── test.yaml ├── eve-overlap-payload-05-gap │ ├── suricata.yaml │ ├── tcp-simple-gap2.pcap │ ├── test.rules │ └── test.yaml ├── eve-payload-01-tcp-exact-overlap │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.py │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-payload-02-tcp-exact-overlap-policy-oldlinux │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-payload-03-tcp-exact-overlap-ips │ ├── suricata.yaml │ ├── tcp-overlap.pcap │ ├── tcp-overlap.rules │ └── test.yaml ├── eve-payload-04-partial-overlap │ ├── suricata.yaml │ ├── tcp-overlap.rules │ ├── tcp-overlap2.pcap │ └── test.yaml ├── eve-payload-05-tcp-data-gap │ ├── suricata.yaml │ ├── tcp-simple-gap2.pcap │ ├── test.rules │ └── test.yaml ├── eve-payload-06-tcp-data-leading-gap │ ├── suricata.yaml │ ├── tcp-leading-gap.pcap │ ├── tcp.py │ ├── test.rules │ └── test.yaml ├── eve-payload-07-http-gap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-suricata-version │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── eve-tag-01 │ ├── suricata.yaml │ ├── 
test.rules │ └── test.yaml ├── eve-tag-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-tag-03 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-tag-04 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-tag-05 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-tag-06 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── eve-tag-07 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── event-rules-6.0.20 │ ├── 6.0.20.rules │ └── test.yaml ├── event-rules-7.0.0 │ ├── 7.0.0.rules │ └── test.yaml ├── event-rules-7.0.1 │ ├── 7.0.1.rules │ └── test.yaml ├── event-rules-7.0.2 │ ├── 7.0.2.rules │ └── test.yaml ├── event-rules-7.0.3 │ ├── 7.0.3.rules │ └── test.yaml ├── event-rules-7.0.4 │ ├── 7.0.4.rules │ └── test.yaml ├── event-rules-7.0.5 │ ├── 7.0.5.rules │ └── test.yaml ├── event-rules-7.0.6 │ ├── 7.0.6.rules │ └── test.yaml ├── event-rules-7.0.7 │ ├── 7.0.7.rules │ └── test.yaml ├── event-rules-7.0.8 │ ├── 7.0.8.rules │ └── test.yaml ├── event-rules-7.0.9 │ ├── 7.0.9.rules │ └── test.yaml ├── exception-policy-applayer-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-applayer-02 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-applayer-03 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── exception-policy-default-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-default-02 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-default-03 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-default-04 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-defrag-01 │ ├── README.md │ ├── ipv4frags.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-master-switch │ ├── exception-policy-master-switch-01 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── 
test.rules │ │ └── test.yaml │ ├── exception-policy-master-switch-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-master-switch-03 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-master-switch-04 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-master-switch-05 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── exception-policy-master-switch-06 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── exception-policy-master-switch-07 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml ├── exception-policy-midstream-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-02 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-03 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-04 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-05 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-06 │ ├── README.md │ ├── input-http-ACK.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-midstream-07 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-reject-action-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-simulated-flow-memcap │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-03 │ ├── suricata.yaml │ ├── 
test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-04 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-05 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-reassembly-memcap-06 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── exception-policy-stream-ssn-memcap-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── feature-5976-zero-stats-01 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── feature-5976-zero-stats-02 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── file-data-depth-inspection-alert │ ├── test.rules │ └── test.yaml ├── file-data-depth-inspection │ ├── file-data-depth-inspection.pcap │ ├── test.rules │ └── test.yaml ├── file-data-prefilter │ ├── README.md │ ├── test.rules │ └── test.yaml ├── file-force-hash-invalid │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── file-match-crossed │ ├── README.md │ ├── http-multipart-post.pcap │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ ├── titi.txt │ └── toto.txt ├── fileext-01 │ ├── test.rules │ └── test.yaml ├── fileext-02 │ ├── test.rules │ └── test.yaml ├── filemagic-01 │ ├── test.rules │ └── test.yaml ├── filemagic-flowbits-02 │ ├── test.rules │ └── test.yaml ├── filemagic-flowbits-03 │ ├── test.rules │ └── test.yaml ├── filemagic-flowbits │ ├── pdf-dl.pcap │ ├── test.rules │ └── test.yaml ├── filemd5 │ ├── suricata.yaml │ ├── target.md5 │ ├── target.pcap │ ├── test.rules │ └── test.yaml ├── filename-01 │ ├── test.rules │ └── test.yaml ├── filesize-keyword │ ├── README.md │ ├── test.rules │ └── test.yaml ├── filestore-5408 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── filestore-alert-log │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-dont │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-filecontainer-http │ 
├── filecontainer-http.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-filecontainer-smb │ ├── filecontainer-smb.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-filecontainer-smb1-data-offset │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-filecontainer-smb1-padding │ ├── smb_bug_padding.pcap │ ├── suricata.yaml │ └── test.yaml ├── filestore-ftp-active-mode │ ├── ftp-active-mode.pcap │ ├── suricata.yaml │ └── test.yaml ├── filestore-ftp-passive-mode │ ├── ftp-passive-mode.pcap │ ├── suricata.yaml │ └── test.yaml ├── filestore-issue-5868 │ ├── README.md │ ├── bidi-logo.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-v2.1-forced │ ├── suricata-update-pdf.pcap │ ├── suricata.yaml │ └── test.yaml ├── filestore-v2.2-forced-with-open-files │ ├── suricata.yaml │ └── test.yaml ├── filestore-v2.3-fserror │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── filestore-v2.4-forced-with-meta │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── filestore-v2.5-both-enabled │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── filestore-v2.6-stream-depth │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-v2.7-stream-depth │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-v2.8-stream-depth │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── filestore-v2.9-stream-depth │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── firewall │ ├── firewall-01-tcp-pkt-state-flowbits │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── firewall-02-tcp-pkt-state-flow │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── firewall-03-tcp-tls-enforce │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── firewall-04-tls-sni-enforce │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── firewall-06-tls-sni-enforce │ 
│ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── ruletype-firewall-01-flow-start │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-02-flow-start │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-03-ruleset-vs-ping │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-04-ruleset-vs-sni │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-05-ruleset-vs-sni │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-06-ruleset-pass-per-packet │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-07-ruleset-pass-per-flow │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-08-ruleset-default-packet-policy │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-09-ruleset-default-app-policy │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-10-ruleset-packet-drop-vs-app │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ ├── td.rules │ │ └── test.yaml │ ├── ruletype-firewall-11-ruleset-pass-vs-fw │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ ├── td.rules │ │ └── test.yaml │ ├── ruletype-firewall-12-ruleset-accept-flowbit │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-13-ruleset-accept-flowbit │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-14-ruleset-pass-vs-fw │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ ├── td.rules │ │ └── test.yaml │ ├── ruletype-firewall-15-state-keyword │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-16-http-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-17-http-txbits-multi-tx │ │ ├── firewall.rules │ │ ├── http-sticky-server-s8.pcap │ │ └── test.yaml 
│ ├── ruletype-firewall-18-http-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-19-http-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-20-http-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-21-http-accept-tx │ │ ├── firewall.rules │ │ ├── http-sticky-server-s8.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-22-http-accept-tx-with-td │ │ ├── firewall.rules │ │ ├── http-sticky-server-s8.pcap │ │ ├── suricata.yaml │ │ ├── td.rules │ │ └── test.yaml │ ├── ruletype-firewall-23-dns-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-24-dnstcp-per-hook │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-25-tcp-udp │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-26-drop-rule │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-27-http-drop-rule │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-28-http-drop-flow-rule │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-29-http-drop-flow-rule │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-30-fw-accept-td-drop │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ ├── td.rules │ │ └── test.yaml │ ├── ruletype-firewall-31-retrans-of-drop │ │ ├── .suricata.yaml.swp │ │ ├── firewall.rules │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── writepcap.py │ ├── ruletype-firewall-32-proto-detect-ssh │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-33-ssh │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-34-ssh-sw │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-35-ssh-sw │ │ ├── 
firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-36-minimal │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-37-minimal-bad │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-38-ssh-vs-telnet │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-39-pre-stream │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-40-pre-stream-wscale │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ruletype-firewall-41-pre-flow │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ └── ruletype-firewall-42-pre-flow-notrack │ │ ├── firewall.rules │ │ ├── suricata.yaml │ │ └── test.yaml ├── flow-drop-iponly-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── flow-drop-iponly-02 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── flow-pkt-recursion │ ├── README.md │ ├── ids-middleware-pkt-flows-recursion-excluded │ │ └── test.yaml │ ├── ids-middleware-pkt-flows-recursion-included │ │ └── test.yaml │ ├── ids-tunnel-pkt-flows-recursion-excluded │ │ └── test.yaml │ ├── ids-tunnel-pkt-flows-recursion-included │ │ └── test.yaml │ ├── ips-middleware-pkt-flows-recursion-excluded │ │ └── test.yaml │ ├── ips-middleware-pkt-flows-recursion-included │ │ └── test.yaml │ ├── ips-tunnel-pkt-flows-recursion-excluded │ │ └── test.yaml │ ├── ips-tunnel-pkt-flows-recursion-included │ │ └── test.yaml │ ├── middleware-pkt-flows.pcap │ ├── test.py │ └── tunnel-pkt-flows.pcap ├── flow-tx-cnt │ ├── README.md │ ├── test.rules │ └── test.yaml ├── flowbit-oring │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── flowbits-prefilter-01 │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-02-auto │ ├── flowbit-prefilter-tx.rules │ └── test.yaml ├── flowbits-prefilter-03 │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-04-pkt-auto │ ├── 
flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-05-onedir │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-06-opdir │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-07-tx-onedir │ ├── flowbit-prefilter-tx.rules │ └── test.yaml ├── flowbits-prefilter-08-tx-opdir │ ├── flowbit-prefilter-tx.rules │ └── test.yaml ├── flowbits-prefilter-09-iponly-onedir │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-10-iponly-opdir │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-11-pkt-auto │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-12-toggle │ ├── flowbit-prefilter.rules │ └── test.yaml ├── flowbits-prefilter-13-tx-onedir-toggle │ ├── flowbit-prefilter-tx.rules │ └── test.yaml ├── flowint-isnotset │ ├── README.md │ ├── test.rules │ └── test.yaml ├── from_base64-01 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── from_base64-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── from_base64-03 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── from_base64-04 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── ftp-epsv │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── ftp-port-memcap │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── ftp │ ├── ftp-bounce │ │ ├── Makefile │ │ ├── README.md │ │ ├── test.pcap │ │ ├── test.rules │ │ ├── test.syn │ │ └── test.yaml │ ├── ftp-invalid-config │ │ ├── README.md │ │ └── test.yaml │ ├── ftp-too-long-command-buffered │ │ ├── Makefile │ │ ├── README │ │ ├── ftp-too-long-command.pcap │ │ ├── ftp-too-long-command.syn │ │ └── test.yaml │ ├── ftp-too-long-command-first │ │ ├── Makefile │ │ ├── README.md │ │ ├── ftp-too-long-command.pcap │ │ ├── ftp-too-long-command.syn │ │ └── test.yaml │ ├── ftp-too-long-command-higher-limit │ │ ├── README.md │ │ ├── ftp-too-long-command.pcap │ │ ├── ftp-too-long-command.syn │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── ftp-too-long-command │ │ ├── Makefile │ │ ├── 
README.md │ │ ├── ftp-events.rules │ │ ├── ftp-too-long-command.pcap │ │ ├── ftp-too-long-command.syn │ │ └── test.yaml │ └── ftp-too-long-response │ │ ├── Makefile │ │ ├── README │ │ ├── ftp-events.rules │ │ ├── ftp-too-long-response.pcap │ │ ├── ftp-too-long-response.syn │ │ └── test.yaml ├── geneve-decoder │ ├── input.pcap │ └── test.yaml ├── geoip │ ├── geoip.pl │ ├── suricata.yaml │ ├── test.mmdb │ ├── test.rules │ └── test.yaml ├── http-all-headers │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── http-async-cli │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-async-srv │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-async │ ├── README.md │ ├── async.txt │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-auth-bearer │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-auth-unrecognized │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-body-inspect │ ├── http-aptget-ids-02-s2.pcap │ ├── test.rules │ └── test.yaml ├── http-brotli-ce │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-chunked │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-close-headers │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-connect │ ├── http-connect-fail │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.txt │ │ └── test.yaml │ ├── http-connect-fragmented │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.txt │ │ └── test.yaml │ ├── http-connect-simple │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.txt │ │ └── test.yaml │ └── http-connect-tls │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.txt │ │ └── test.yaml ├── http-connection-toclient │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-data-after-09 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-double-encoded-uri │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-encoding-gzip-uncompressed │ 
├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-encoding-identity │ ├── README.md │ ├── server.go │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── http-evader │ ├── http-evader-000 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-001 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-002 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-003 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-004 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-005 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-006 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-007 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-008 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-009 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-010 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-011 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-012 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-013 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-014 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-015 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-016 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-017 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-018 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ 
└── test.yaml │ ├── http-evader-019 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-020 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-021 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-022 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-023 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-024 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-025 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-026 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-027 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-028 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-029 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-030 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-031 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-032 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-033 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-034 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-035 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-036 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-037 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-038 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-039 │ │ ├── README.md │ │ ├── input.pcap │ │ 
├── test.rules │ │ └── test.yaml │ ├── http-evader-040 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-041 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-042 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-043 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-044 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-045 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-046 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-047 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-048 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-049 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-050 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-051 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-052 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-053 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-054 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-055 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-056 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-057 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-058 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-059 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-060 │ │ ├── README.md │ │ 
├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-061 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-062 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-063 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-064 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-065 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-066 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-067 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-068 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-069 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-070 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-071 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-072 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-073 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-074 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-075 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-076 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-077 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-078 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-079 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-080 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-081 │ │ 
├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-082 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-083 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-084 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-085 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-086 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-087 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-088 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-089 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-090 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-091 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-092 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-093 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-094 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-095 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-096 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-097 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-098 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-099 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-100 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-101 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
http-evader-102 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-103 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-104 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-105 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-106 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-107 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-108 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-109 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-110 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-111 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-112 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-113 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-114 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-115 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-116-lzma │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-117 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-118 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-119 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-120 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-121 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-122 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ 
│ └── test.yaml │ ├── http-evader-123 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-124 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-125 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-126 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-127 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-128 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-129 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-130 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-131 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-132 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-133 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-134 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-135 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-136 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-137 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-138 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-139 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-140 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-141 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-142 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-143 │ │ ├── README.md │ │ ├── input.pcap │ │ 
├── test.rules │ │ └── test.yaml │ ├── http-evader-144 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-145 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-146 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-147 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-148 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-149 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-150 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-151 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-152 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-153 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-154 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-155 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-156 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-157 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-158 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-159 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-160 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-161 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-162 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-163 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-164 │ │ ├── README.md │ │ 
├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-165 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-166 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-167 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-168 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-169 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-170 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-171 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-172 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-173 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-174 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-175 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-176 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-177 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-178 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-179 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-180 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-181 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-182 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-183 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-184 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-185 │ │ 
├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-186 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-187 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-188 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-189 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-190 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-191 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-192 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-193 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-194 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-195 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-196 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-197 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-198 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-199 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-200 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-201 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-202 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-203 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-204 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-205 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
http-evader-206 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-207 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-208 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-209 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-210 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-211 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-212 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-213 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-214 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-215 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-216 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-217 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-218 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-219 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-220 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-221 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-222 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-223 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-224 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-225 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-226 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── 
test.yaml │ ├── http-evader-227 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-228 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-229 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-230 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-231 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-232 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-233 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-234 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-235 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-236 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-237 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-238 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-239 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-240 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-241 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-242 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-243 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-244 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-245 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-246 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-247 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── 
test.rules │ │ └── test.yaml │ ├── http-evader-248 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-249 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-250 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-251 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-252 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-253 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-254 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-255 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-256 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-257 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-258 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-259 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-260 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-261 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-262 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-263 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-264 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-265 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-266 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-267 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-268 │ │ ├── README.md │ │ ├── 
input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-269 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-270 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-271 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-272 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-273 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-274 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-275 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-276 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-277 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-278 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-279 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-280 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-281 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-282 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-283 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-284 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-285 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-286 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-287 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-288 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-289 │ │ ├── 
README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-290 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-291 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-292 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-293 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-294 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-295 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-296 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-297 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-298 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-299 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-300 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-301 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-302 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-303 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-304 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-305 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-306 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-307 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-308 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-309 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
http-evader-310 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-311 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-312 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-313 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-314 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-315 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-316 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-317 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-318 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-319 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-320 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-321 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-322 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-323 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-324 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-325 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-326 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-327 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-328 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-329 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-330 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── 
test.yaml │ ├── http-evader-331 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-332 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-333 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-334 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-335 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-336 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-337 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-338 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-339 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-340 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-341 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-342 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-343 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-344 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-345 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-346 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-347 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-348 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-349 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-350 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-351 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── 
test.rules │ │ └── test.yaml │ ├── http-evader-352 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-353 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-354 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-355 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-356 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-357 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-358 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-359 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-360 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-361 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-362 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-363 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-364 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-365 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-366 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-367 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-368 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-369 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-370 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-371 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-372 │ │ ├── README.md │ │ ├── 
input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-373 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-374 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-375 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-376 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-377 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-378 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-379 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-380 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-381 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-382 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-383 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-384 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-385 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-386 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-387 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-388 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-389 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-390 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-391 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-392 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-393 │ │ ├── 
README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-394 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-395 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-396 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-397 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-398 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-399 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-400 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-401 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-402 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-403 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-404 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-405 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-406 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-407 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-408 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-409 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-410 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-411 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-412 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-413 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
http-evader-414 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-415 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-416 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-417 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-418 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-419 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-420 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-421 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-422 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-423 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-424 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-425 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-426 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-427 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-428 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-429 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-430 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-431 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-432 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-433 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-434 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── 
test.yaml │ ├── http-evader-435 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-436 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-437 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-438 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-439 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-440 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-441 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-442 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-443 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-444 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-445 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-446 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-447 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-448 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-449 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-450 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-451 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-452 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-453 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-454 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-455 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── 
test.rules │ │ └── test.yaml │ ├── http-evader-456 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-457 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-458 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-459 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-460 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-461 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-462 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-463 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-464 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-465 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-466 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-467 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-468 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-469 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-470 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-471 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-472 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-473 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-474 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-475 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-476 │ │ ├── README.md │ │ ├── 
input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-477 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-478 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-479 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-480 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-481 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-482 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-483 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-484 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-485 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-486 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-487 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-488 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-489 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-490 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-491 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-492 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-493 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-494 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-495 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-496 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-497 │ │ ├── 
README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-498 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-499 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── http-evader-500 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── http-evader-501 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml ├── http-event-chunk │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-gap-beyond-body │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-gap-double │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-gap-simple-frames-ips │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ └── toaddgap.txt ├── http-gap-simple-frames │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ └── toaddgap.txt ├── http-gap-simple │ ├── README.md │ ├── input.pcap │ ├── test.yaml │ └── toaddgap.txt ├── http-gap-whole-body │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-ipv6 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-mime-truncated │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── http-missing-protocol │ ├── README.md │ ├── client.py │ ├── input.pcap │ ├── server.py │ ├── test.rules │ └── test.yaml ├── http-multiple-cl │ ├── README.md │ ├── client.py │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-multiple100 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-not09-file │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-not09-spaces │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-not09 │ ├── README.md │ ├── input.pcap │ ├── min8.rules │ └── test.yaml ├── http-pipeline-files-with-gap │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── http-post-data-decompression │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── 
http-post-file │ ├── README.md │ ├── input.pcap │ ├── mm.go │ ├── test.rules │ └── test.yaml ├── http-protocol-inspect-v2 │ ├── README.md │ ├── http.pcap │ ├── test.rules │ └── test.yaml ├── http-protocol-nodup │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http-range-file │ ├── README.md │ ├── client.go │ ├── input.pcap │ └── test.yaml ├── http-range-multiflows │ ├── README.md │ ├── client.go │ ├── input.pcap │ └── test.yaml ├── http-range │ ├── README.md │ └── test.yaml ├── http-raw-header │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-request-header-multi │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-request-header │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-request-invalid │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-request-line-packet │ ├── README.md │ ├── test.rules │ └── test.yaml ├── http-request-line │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── http-response-line │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── http-sha256-drop-02 │ ├── README.md │ ├── blacklist │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-sha256-drop │ ├── README.md │ ├── blacklist │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-sticky-location │ ├── http-sticky-location.pcap │ ├── http-sticky-location.rules │ └── test.yaml ├── http-sticky-server │ ├── http-sticky-server.pcap │ ├── http-sticky-server.rules │ └── test.yaml ├── http-sticky-start │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-uri-spaces │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-urldecode-body │ ├── README.md │ ├── client.py │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http-xff-eve-forward-extra-data │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-xff-eve-forward-overwrite │ ├── README.md │ 
├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-xff-eve-reverse-extra-data │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http-xff-eve-reverse-overwrite │ ├── README.md │ ├── suricata.yaml │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── http1-noint-status │ ├── README.md │ ├── input.pcap │ ├── server.py │ └── test.yaml ├── http2-authority-mismatch │ ├── README.md │ ├── authority_and_host_2.pcap │ ├── test.rules │ └── test.yaml ├── http2-basic │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-bugfixes │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-compression-bug │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http2-continuation │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── http2-deflate │ ├── README.md │ ├── http2_deflate.pcap │ ├── server.go │ └── test.yaml ├── http2-disabled │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-errorcode │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── http2-files-6 │ ├── README.md │ ├── expected │ │ └── fast.log │ ├── suricata.yaml │ ├── test.md5 │ ├── test.rules │ └── test.yaml ├── http2-files │ ├── README.md │ ├── expected │ │ └── fast.log │ ├── suricata.yaml │ ├── test.md5 │ ├── test.rules │ └── test.yaml ├── http2-frames │ ├── README.md │ ├── test.rules │ └── test.yaml ├── http2-header │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-keywords │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-keywords2 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── http2-range │ ├── README.md │ ├── http2-range.pcap │ ├── server.go │ ├── suricata.yaml │ └── test.yaml ├── http2-upgrade │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── http2-userinfo-authority │ ├── README.md │ ├── http2_userinfo_in_authority_1.pcap │ ├── test.rules │ └── 
test.yaml ├── http2-window-index │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── icmp-hdr-01 │ ├── input.rules │ └── test.yaml ├── icmp-hdr-02 │ ├── input.pcap │ ├── input.rules │ └── test.yaml ├── ikev1-duplicate-proposals │ ├── README.md │ ├── gen-pkt.py │ ├── generated.pcap │ └── test.yaml ├── ikev1-rules │ ├── ikev1-isakmp-main-mode.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ikev1-transforms │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ikev1 │ ├── suricata.yaml │ └── test.yaml ├── ikev2-weak-dh │ ├── IKEv2_SA_INIT_2-8-weak.pcap │ ├── README.md │ ├── test.rules │ └── test.yaml ├── imap-detection │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── iponly-midstream-01 │ ├── test.rules │ └── test.yaml ├── ipopts-esec │ ├── suricata.yaml │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── iprep-02 │ ├── iprep.rules │ ├── scirius-categories.txt │ ├── scirius-iprep.list │ ├── suricata.yaml │ └── test.yaml ├── iprep-03-bug-6834 │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-04-bug-6834-any │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-05-bug-6834-both │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-06-bug-6834-dst │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-07-bug-6834-src-cidr │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-08-bug-6834-any-cidr │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-09-bug-6834-both-cidr │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-10-bug-6834-dst-cidr │ ├── categories.txt │ ├── iprep.list │ ├── iprep.rules │ ├── suricata.yaml │ └── test.yaml ├── iprep-11-isset │ ├── README.md │ ├── iprep.rules │ ├── 
scirius-categories.txt │ ├── scirius-iprep.list │ ├── suricata.yaml │ └── test.yaml ├── iprep-12-rule-types │ ├── README.md │ ├── iprep.rules │ ├── scirius-categories.txt │ ├── scirius-iprep.list │ ├── suricata.yaml │ └── test.yaml ├── ips-state-1 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ipv4-hdr-keyword │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── ipv4-truncated │ ├── README.md │ ├── decoder-events.rules │ ├── test.yaml │ └── truncated.pcap ├── ipv6-evasion │ ├── ipv6-atomic-fragments-toobig │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── toobig.pcap │ ├── ipv6-covert-dstopts │ │ ├── README.md │ │ ├── covert_send6.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-1 │ │ ├── README.md │ │ ├── denial6-1.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-2 │ │ ├── README.md │ │ ├── denial6-2.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-3 │ │ ├── README.md │ │ ├── denial6-3.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-4 │ │ ├── README.md │ │ ├── denial6-4.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-5 │ │ ├── README.md │ │ ├── denial6-5.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-6 │ │ ├── README.md │ │ ├── denial6-6.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-dos-with-ext-headers-7 │ │ ├── README.md │ │ ├── denial6-7.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-kill-router-gateway │ │ ├── README.md │ │ ├── kill_router6.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-1 │ │ ├── README.md │ │ ├── frag-1.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-10 │ │ ├── README.md │ │ ├── frag-10.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-11 │ │ ├── README.md │ │ ├── frag-11.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
ipv6-malformed-fragments-12 │ │ ├── README.md │ │ ├── frag-12.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-15 │ │ ├── README.md │ │ ├── frag-15.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-16 │ │ ├── README.md │ │ ├── frag-16.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-17 │ │ ├── README.md │ │ ├── frag-17.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-18 │ │ ├── README.md │ │ ├── frag-18.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-2 │ │ ├── README.md │ │ ├── frag-2.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-22 │ │ ├── README.md │ │ ├── frag-22.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-23 │ │ ├── README.md │ │ ├── frag-23.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-24 │ │ ├── README.md │ │ ├── frag-24.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-25 │ │ ├── README.md │ │ ├── frag-25.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-26 │ │ ├── README.md │ │ ├── frag-26.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-27 │ │ ├── README.md │ │ ├── frag-27.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-28 │ │ ├── README.md │ │ ├── frag-28.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-29 │ │ ├── README.md │ │ ├── frag-29.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-3 │ │ ├── README.md │ │ ├── frag-3.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-30 │ │ ├── README.md │ │ ├── frag-30.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-31 │ │ ├── README.md │ │ ├── frag-31.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-32 │ │ ├── README.md │ │ ├── frag-32.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── 
ipv6-malformed-fragments-33 │ │ ├── README.md │ │ ├── frag-33.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-35 │ │ ├── README.md │ │ ├── frag-35.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-36 │ │ ├── README.md │ │ ├── frag-36.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-4 │ │ ├── README.md │ │ ├── frag-4.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-6 │ │ ├── README.md │ │ ├── frag-6.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-7 │ │ ├── README.md │ │ ├── frag-7.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-8 │ │ ├── README.md │ │ ├── frag-8.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-malformed-fragments-9 │ │ ├── README.md │ │ ├── frag-9.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── ipv6-rsmurf │ │ ├── README.md │ │ ├── rsmurf6.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── ipv6-smurf │ │ ├── README.md │ │ ├── smurf6.pcap │ │ ├── test.rules │ │ └── test.yaml ├── ipv6-hdr-keyword-01 │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── ipv6-hdr-keyword-02 │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── issue-3267-tcphdr │ ├── tcphdr_http.pcap │ ├── test.rules │ └── test.yaml ├── issue-3277-nfsv2-filestore │ ├── README.md │ ├── nfsv2.pcap │ ├── test.rules │ └── test.yaml ├── issue-3341-tcphdr-01 │ ├── test.rules │ ├── test.yaml │ └── urgent11_cve_2019_12260.pcap ├── issue-3703 │ ├── bug3703.rules │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── issue-4280-iprep │ ├── input.pcap │ ├── iprep.rules │ ├── scirius-categories.txt │ ├── scirius-iprep.list │ ├── suricata.yaml │ └── test.yaml ├── issue-4407 │ ├── input.rules │ ├── suppress.yaml │ ├── suricata.yaml │ ├── test.yaml │ └── threshold.config ├── issue-5466-alert-then-pass-01 │ ├── icmp_and_ssh.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── issue-5466-alert-then-pass-02 │ 
├── icmp_and_ssh-s0.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── issue-5466-alert-then-pass-03-drop-pass │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── issue-5466-alert-then-pass-04-drop-alert │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── issues │ ├── issue-4759.1 │ │ ├── README.md │ │ ├── tcpdns.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── issue-4759 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml ├── ja3-lua-rules-quic │ ├── README.md │ ├── test-ja3.lua │ ├── test.rules │ └── test.yaml ├── ja4-cl-handshake │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── ja4-quic-7.0.x-01 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── ja4-quic-7.0.x-02 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── ja4-quic │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── ja4-rules-7.0.x-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ja4-rules-7.0.x-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ja4-rules-bug-7010 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── ja4-rules-disabled │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ja4-rules-invalid │ ├── test.rules │ └── test.yaml ├── ja4-rules-requires-off │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ja4-rules-requires │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ja4-rules │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ja4-sv-handshake │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── ja4-tls-7.0.x │ ├── README.md │ └── test.yaml ├── ja4-tls-quic │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── ja4-tls │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── krb5-kerberoasting │ ├── README.md │ ├── kerberoast.pcap │ ├── test.rules │ └── test.yaml ├── krb5-krb5_msg_type-enum │ ├── README.md │ ├── test.rules │ └── test.yaml ├── krb5-krb5_msg_type │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── krb5-probing │ ├── 
README.md │ ├── krb.pcap │ ├── suricata.yaml │ └── test.yaml ├── krb5-request-frag-log │ ├── README.md │ ├── krb5-frag.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── ldap-abandon │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-add │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-bind │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-compare │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-delete │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-extended │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-frames │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── ldap-modify-dn │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-modify │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-search │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-starttls │ ├── input.pcap │ └── test.yaml ├── ldap-udp │ ├── README.md │ ├── cldap.pcap │ └── test.yaml ├── ldap-unbind │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── ldap-unsolicited │ ├── Makefile │ ├── README.md │ ├── ldap.pcap │ ├── ldap.syn │ └── test.yaml ├── like-ip-only-01 │ ├── krb5-frag.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── linktype-228 │ ├── flow-test-01.pcap │ └── test.yaml ├── linktype_name │ ├── test.rules │ └── test.yaml ├── lua-byte-extract-pre8 │ ├── README.md │ ├── lua-byte-extract.lua │ ├── lua-byte-math.lua │ ├── test.rules │ └── test.yaml ├── lua-byte-extract │ ├── README.md │ ├── lua-byte-extract.lua │ ├── lua-byte-math.lua │ ├── test.rules │ └── test.yaml ├── lua-detect-http-01 │ ├── README.md │ ├── http-lua.rules │ ├── suricata.yaml │ ├── test-request-headers-raw.lua │ ├── test-request-line.lua │ ├── 
test-response-body.lua │ ├── test-response-headers-raw.lua │ └── test.yaml ├── lua-flowfunctions │ ├── README.md │ ├── dataset-lua.rules │ ├── expected │ │ └── flow_http_lua.log │ ├── lua-flowfunctions.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-flowstats │ ├── README.md │ ├── expected │ │ └── lua-scflowstats.log │ ├── lua-scflowstats.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-flowtuple │ ├── README.md │ ├── expected │ │ └── scflow-tuple.log │ ├── scflowtuple.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-match-scrule │ ├── README.md │ ├── lua-scrule-action.lua │ ├── lua-scrule-class.lua │ ├── lua-scrule-ids.lua │ ├── lua-scrule-msg.lua │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── lua-memleak-pre8 │ ├── README.md │ ├── input.pcap │ ├── test.lua │ ├── test.rules │ └── test.yaml ├── lua-memleak │ ├── README.md │ ├── input.pcap │ ├── test.lua │ ├── test.rules │ └── test.yaml ├── lua-output-dns │ ├── README.md │ ├── suricata.yaml │ ├── test.lua │ ├── test.pcap │ └── test.yaml ├── lua-output-http-02 │ ├── README.md │ ├── default.yaml │ ├── expected │ │ └── http_lua.log │ ├── http.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-http-03 │ ├── README.md │ ├── default.yaml │ ├── expected │ │ └── http_lua.log │ ├── http.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-http-pre8 │ ├── README.md │ ├── default.yaml │ ├── expected │ │ └── http_lua.log │ ├── http.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-http │ ├── README.md │ ├── default.yaml │ ├── expected │ │ └── http_lua.log │ ├── http.lua │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── lua-output-smtp-pre8 │ ├── README.txt │ ├── default.yaml │ ├── expected │ │ └── smtp_lua.log │ ├── smtp.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-smtp │ ├── README.txt │ ├── default.yaml │ ├── expected │ │ └── smtp_lua.log │ ├── smtp.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-stats-pre8 │ ├── README.md │ ├── suricata.yaml │ ├── test.lua │ ├── test.pcap │ └── 
test.yaml ├── lua-output-stats │ ├── README.md │ ├── suricata.yaml │ ├── test.lua │ ├── test.pcap │ └── test.yaml ├── lua-output-streaming-pre8 │ ├── expected │ │ ├── 6-172.16.1.68-162.209.114.75-58384-80 │ │ └── http-6-172.16.1.68-162.209.114.75-58384-80 │ ├── streaming-http.lua │ ├── streaming-tcp.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-output-streaming │ ├── expected │ │ ├── 6-172.16.1.68-162.209.114.75-58384-80 │ │ └── http-6-172.16.1.68-162.209.114.75-58384-80 │ ├── streaming-http.lua │ ├── streaming-tcp.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scfileinfo-pre8 │ ├── expected │ │ └── scfileinfo.log │ ├── scfileinfo.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scfileinfo │ ├── README.md │ ├── expected │ │ └── scfileinfo.log │ ├── filecontainer-http-slice.pcap │ ├── scfileinfo.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scflowstats-pre8 │ ├── README.md │ ├── expected │ │ └── lua-scflowstats.log │ ├── lua-scflowstats.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scflowtuple-pre8 │ ├── README.md │ ├── expected │ │ └── scflow-tuple.log │ ├── scflowtuple.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scpackettuple-pre8 │ ├── README.md │ ├── expected │ │ └── scpacket-tuple.log │ ├── scpackettuple.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scpackettuple │ ├── README.md │ ├── expected │ │ └── scpacket-tuple.log │ ├── scpackettuple.lua │ ├── suricata.yaml │ └── test.yaml ├── lua-scrule-ids-pre8 │ ├── README.md │ ├── expected │ │ └── lua-scrule-ids.log │ ├── lua-scrule-ids.lua │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── lua-scrule-ids │ ├── README.md │ ├── expected │ │ └── lua-scrule-ids.log │ ├── lua-scrule-ids.lua │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── lua │ ├── lua-bad-script │ │ ├── README.md │ │ ├── error.lua │ │ ├── logging.yaml │ │ ├── match.lua │ │ ├── nomatch.lua │ │ ├── test.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-base64 │ │ ├── README.md │ │ ├── output.lua │ │ ├── rule.lua │ │ ├── 
suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-blocked-function-1 │ │ ├── README.md │ │ ├── ioopen.lua │ │ ├── pcall.lua │ │ ├── test.rules │ │ ├── test.yaml │ │ └── testmyids.pcap │ ├── lua-fastlog │ │ ├── README.md │ │ ├── expected │ │ │ └── fast.log │ │ ├── fast.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-flowintlib │ │ ├── README.md │ │ ├── check-root-count.lua │ │ ├── rootx5.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── update-counter.lua │ ├── lua-hashlib-output │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.lua │ │ ├── test.pcap │ │ └── test.yaml │ ├── lua-hashlib │ │ ├── README.md │ │ ├── test-hashing.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-instruction-limit │ │ ├── README.md │ │ ├── test.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-memory-limit │ │ ├── README.md │ │ ├── test.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-packetlib-01 │ │ ├── packet.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-packetlib-02-restricted-funcs-allowed │ │ ├── packet.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-packetlib-03 │ │ ├── packet.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-packetlib-04-icmp-spdp │ │ ├── packet.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-packetlib-05-default-enabled │ │ ├── packet.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-scflowvarget │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-scflowvarset │ │ ├── README.md │ │ ├── getflowvar.lua │ │ ├── input.pcap │ │ ├── setflowvar.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-smtplib │ │ ├── suricata.yaml │ │ ├── test.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-tlslib-01 │ │ ├── README.md │ │ ├── expected │ │ │ └── tlslib_lua.log │ │ ├── input.rules │ │ ├── 
lua-tlsfunctions.lua │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── lua-tlslib-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── input.rules │ │ ├── lua-tlsfunctions.lua │ │ └── test.yaml │ ├── lua-transform-01 │ │ ├── README.md │ │ ├── test.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-02 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── lua-transform-03 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-04 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-05 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-06 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-07 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua │ ├── lua-transform-08 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ ├── transform-base64.lua │ │ ├── transform-dataset.lua │ │ └── transform-hashlib.lua │ └── lua-transform-09 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── transform.lua ├── mac-eve-multiple-disabled │ ├── multi_mac.pcap │ ├── suricata.yaml │ └── test.yaml ├── mac-eve-multiple │ ├── suricata.yaml │ └── test.yaml ├── mac-eve-packet │ ├── suricata.yaml │ ├── test.pcap │ ├── test.rules │ └── test.yaml ├── mac-eve-single-disabled │ ├── suricata.yaml │ ├── test.pcap │ └── test.yaml ├── mac-eve-single │ ├── suricata.yaml │ └── test.yaml ├── mdns │ ├── test.rules │ └── test.yaml ├── memcap-pressure │ ├── README.md │ ├── test.rules │ └── test.yaml ├── mime │ ├── mime-dec-parse-full-msg-test01 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-full-msg-test02 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-line-test01 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-line-test02 │ │ ├── README.md │ 
│ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-long-filename01 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-long-filename02 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-odd-len │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-rem-sp │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-parse-small-rem-inp │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-dec-very-small-inp │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── mime-quoted-printable │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ └── mime-stream-depth │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml ├── modbus │ ├── README.md │ ├── modbus.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-binary-message │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-connect-rules-2 │ ├── mqtt5_pub_jpeg_connack134.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-connect-rules-3 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-connect-rules │ ├── mqtt5_pub_jpeg.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-events-invalid-qos │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-events-missing-connect │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-events-unassigned-msgtype │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-events-unintroduced │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-frames-truncated │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-frames-xpdu │ ├── README.md │ ├── test.rules │ └── test.yaml ├── mqtt-frames │ ├── README.md │ ├── test.rules │ └── test.yaml ├── mqtt-limit-1 │ ├── suricata.yaml │ └── test.yaml ├── mqtt-limit-2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── 
mqtt-limit-3 │ ├── suricata.yaml │ └── test.yaml ├── mqtt-limit-log-1 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── mqtt-limit-log-2 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── mqtt-limit-log-3 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── mqtt-limit-log-fail │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── mqtt-midstream-split │ ├── README.md │ ├── mqtt-midstream-split.pcap │ └── test.yaml ├── mqtt-ping │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-pub-rules │ ├── mqtt5_pub_jpeg.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-sub-rules │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt-unsub-rules │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt31-pub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-pub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-pub-userpass-auto-clientid │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-pub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-sub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-unsub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-unsub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt31-unsub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-pub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-pub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-pub-userpass-auto-clientid │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-pub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-sub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-unsub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-unsub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt311-unsub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── 
test.yaml ├── mqtt5-excessiveproplen │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── mqtt5-pub-mosquittoprops │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-pub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-pub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-pub-userpass-auto-clientid │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-pub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-sub-customauth │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-sub-mosquittoprops │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-sub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-unsub-qos1 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-unsub-qos2 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── mqtt5-unsub-userpass │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── multi-tenant-01 │ ├── a.rule │ ├── a.yaml │ ├── b.rule │ ├── b.yaml │ ├── base.rules │ ├── c.rule │ ├── c.yaml │ ├── d.rule │ ├── d.yaml │ ├── suricata.yaml │ └── test.yaml ├── multi-tenant-02-test │ ├── a.rule │ ├── a.yaml │ ├── b.rule │ ├── b.yaml │ ├── base.rules │ ├── c.rule │ ├── c.yaml │ ├── d.rule │ ├── d.yaml │ ├── suricata.yaml │ └── test.yaml ├── multi-tenant-03-pcap │ ├── a.rule │ ├── a.yaml │ ├── b.rule │ ├── b.yaml │ ├── base.rules │ ├── c.rule │ ├── c.yaml │ ├── d.rule │ ├── d.yaml │ ├── suricata.yaml │ └── test.yaml ├── netflow-eve │ ├── suricata.yaml │ └── test.yaml ├── nfs-bug-5140 │ ├── README.md │ ├── nfsv2.pcap │ ├── test.rules │ └── test.yaml ├── nfs-udp-only │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── nfs3-01 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── nfs3-procedure │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── nfs3-readdirplus │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── 
nfs4-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── output-eve-anomaly-01 │ ├── suricata.yaml │ └── test.yaml ├── output-eve-anomaly-02 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── output-eve-anomaly-03 │ ├── suricata.yaml │ └── test.yaml ├── output-eve-anomaly-04 │ ├── suricata.yaml │ └── test.yaml ├── output-eve-anomaly-05 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-eve-anomaly-packethdr │ ├── anomaly.pcap │ ├── suricata.yaml │ └── test.yaml ├── output-eve-dhcp-01 │ ├── suricata.yaml │ └── test.yaml ├── output-eve-fileinfo │ ├── expected │ │ └── eve.json │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── output-eve-ftp-data │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── output-eve-ftp │ └── test.yaml ├── output-eve-rdp-01 │ ├── suricata.yaml │ └── test.yaml ├── output-eve-smb-01 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-eve-tftp-01 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-multi-eve │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-pcap-log-conditional-alert │ ├── default.yaml │ ├── expected │ │ └── log.pcap.1444144603 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-pcap-log-conditional-noalert │ ├── default.yaml │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-pcap-log-conditional-tag-alert │ ├── default.yaml │ ├── expected │ │ └── log.pcap.1444144603 │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── output-pcap-log-filter │ ├── README.md │ ├── expected │ │ └── log.pcap.1444144603 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── output-pcap-log │ ├── default.yaml │ ├── expected │ │ └── log.pcap.1444144603 │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── output-tcp-data │ ├── default.yaml │ ├── expected │ │ └── tcp-data.log │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-lz4-01 │ ├── README.md │ ├── 
suricata.yaml │ └── test.yaml ├── pcap-log-lz4-02-multi │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-lz4-03-multi-ring │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-lz4-04-multi-ring-profile │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-lz4-05-tunnel │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-lz4-write │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-uncompressed-01 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-uncompressed-02-multi │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcap-log-uncompressed-03-multi-bpf │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── pcre-invalid-rule-01 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── pgsql-bug-6080-probe-test-01 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.yaml │ └── writepcap.py ├── pgsql │ ├── pgsql-5000-query-results │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-5524 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-7000-ids │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-bug-5579 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-bug-6092-log-flags-and-metadata-01 │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-bug-6092-log-flags-and-metadata-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-bug-6983-ids │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-bug-6983-ips │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-cancel-request │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-copy-data-in │ │ ├── README.md │ │ ├── TLPW-Jason-copyfrom-small.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-copy-data-out │ │ ├── input.pcap │ │ ├── 
suricata.yaml │ │ └── test.yaml │ ├── pgsql-events │ │ ├── README.md │ │ ├── UnknownMessage.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-pwd-output-disabled │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-query-keyword-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-query-keyword-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-simple-query-rollback │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── pgsql-ssl-rejected-md5-auth-simple-query │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ └── pgsql-upgrade-tls │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ └── test.yaml ├── pop3-02-bug-7709 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── pop3-03-bug-7709 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── pop3-auth-01 │ ├── Makefile │ ├── input.pcap │ ├── pop3.syn │ └── test.yaml ├── pop3 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── pppoe │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── pre8 │ ├── lua-match-scrule │ │ ├── README.md │ │ ├── lua-scrule-action.lua │ │ ├── lua-scrule-class.lua │ │ ├── lua-scrule-ids.lua │ │ ├── lua-scrule-msg.lua │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── lua-scflowvarget │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.lua │ │ ├── test.rules │ │ └── test.yaml ├── prefilter-multibuf-multipkts │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── proto-mismatch-http-ssh │ ├── app-layer-events.rules │ └── test.yaml ├── protocol-change-failed-event │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── quic-ack3 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-alerts │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── quic-cyu │ ├── input.pcap │ └── test.yaml ├── 
quic-frag-middle-gap │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-frag-unordered │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-frag-wait │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-frag │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-ietf-ja3 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── quic-ietf │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── quic-initial-not-first │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-retry-multiple │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-retry │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── quic-v2-ja3 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── quic-v2 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── rdp-protocol │ ├── RDP-003.pcap │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── reference-01 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── reference-02 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── reference-03 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── reference-04 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── reference-config-validate-01 │ ├── reference.config │ ├── test.rules │ └── test.yaml ├── reference-config-validate-02 │ ├── reference.config │ ├── test.rules │ └── test.yaml ├── reputation-config │ ├── README.md │ ├── iprep-categories.txt │ ├── reputation-config-cr-lf │ │ ├── iprep-data.txt │ │ └── test.yaml │ ├── reputation-config-cr │ │ ├── iprep-data.txt │ │ └── test.yaml │ ├── reputation-config-lf │ │ ├── iprep-data.txt │ │ └── test.yaml │ ├── test.py │ ├── test.rules │ └── threshold.config ├── requires-7-unknown │ ├── README.md │ ├── test.rules │ └── test.yaml ├── requires-fail │ ├── README.md │ ├── test.rules │ └── test.yaml ├── requires-ok │ ├── README.md │ ├── test.rules │ └── test.yaml ├── requires-unknown │ ├── README.md │ ├── test.rules │ └── test.yaml ├── rfb-frames │ ├── 
README.md │ ├── test.rules │ └── test.yaml ├── rfb-parser │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── rfb-partial-tx │ ├── in.pcap │ ├── suricata.yaml │ └── test.yaml ├── rfb-protocol-3.3 │ ├── 06-vnc-Password-3.3.pcap │ ├── suricata.yaml │ └── test.yaml ├── rfb-protocol-3.7 │ ├── suricata.yaml │ └── test.yaml ├── rfb-protocol-3.8 │ ├── 04-vnc-openwall-3.8.pcap │ ├── suricata.yaml │ └── test.yaml ├── rfb-rules-8 │ ├── test.rules │ └── test.yaml ├── rfb-rules │ ├── 00-vnc-openwall-3.7.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── rule-grouping │ ├── rule-grouping-1 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-10 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-11 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-12 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-13 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-14 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-15 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-16 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-17 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-18 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-19 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-2 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-3 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-4 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-5 │ │ ├── 
README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-6 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-7 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-grouping-8 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── rule-grouping-9 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml ├── rule-hooks │ ├── http-body-hook-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── pkt-hook-flow-start-01 │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-handshake-01-ips-sni │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── tls-handshake-02-ips-sni-drop │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml ├── rule-types │ ├── rule-types.rules │ └── test.yaml ├── rules │ ├── absent │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── app-layer-protocol │ │ ├── test.rules │ │ └── test.yaml │ ├── bug-5177 │ │ ├── bug-5177.rules │ │ └── test.yaml │ ├── content │ │ ├── test.rules │ │ └── test.yaml │ ├── dce_stub_data │ │ ├── test.rules │ │ └── test.yaml │ ├── detect-bidir-http-rule │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── detect-bidir-ja3-rule │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dns_query │ │ ├── test.rules │ │ └── test.yaml │ ├── dsize-8.0.0 │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── dsize │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── file_data │ │ ├── test.rules │ │ └── test.yaml │ ├── filemagic │ │ ├── test.rules │ │ └── test.yaml │ ├── flow_age │ │ ├── test.rules │ │ └── test.yaml │ ├── flowbit-engine-analysis │ │ ├── test.rules │ │ └── test.yaml │ ├── flowbits │ │ ├── test.rules │ │ └── test.yaml │ ├── flowints │ │ ├── test.rules │ │ └── test.yaml │ ├── ftpbounce │ │ ├── test.rules │ │ └── test.yaml │ ├── http-header │ │ ├── test.rules │ │ └── test.yaml │ ├── 
http-request-body │ │ ├── test.rules │ │ └── test.yaml │ ├── http-response-body │ │ ├── test.rules │ │ └── test.yaml │ ├── http_uri │ │ ├── test.rules │ │ └── test.yaml │ ├── icmp_code │ │ ├── test.rules │ │ └── test.yaml │ ├── icmp_id │ │ ├── test.rules │ │ └── test.yaml │ ├── ipopts │ │ ├── test.rules │ │ └── test.yaml │ ├── pgsql-7000 │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── prefilter │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-app-layer │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-app-tx │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-de-only │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-ip-only │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-like-ip-only │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-pd-only │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-pkt-stream │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-pkt │ │ ├── test.rules │ │ └── test.yaml │ ├── rule-type-stream │ │ ├── test.rules │ │ └── test.yaml │ ├── stream_size │ │ ├── test.rules │ │ └── test.yaml │ ├── tcp-mss │ │ ├── test.rules │ │ └── test.yaml │ ├── tcp-seq-keyword │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── tcp_ack │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── tcp_window │ │ ├── test.rules │ │ └── test.yaml │ ├── time_to_live │ │ ├── test.rules │ │ └── test.yaml │ ├── uricontent │ │ ├── test.rules │ │ └── test.yaml │ └── xbits │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml ├── security-4710-01 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── security-4710-02 │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── show-help │ ├── README.md │ └── test.yaml ├── sip-body-frames │ ├── README.md │ ├── public-cloudshark-sip-s0.pcap │ ├── sip-frames.rules │ └── test.yaml ├── sip-compact-form │ ├── Makefile │ ├── README.md │ ├── sip_compact_form.pcap │ ├── sip_compact_form.syn │ ├── test.rules │ └── test.yaml ├── sip-content-length │ ├── README.md │ ├── test.rules │ └── test.yaml 
├── sip-content-type │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-from │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-header-multi-value │ ├── Makefile │ ├── README.md │ ├── sip_header_multi_val.pcap │ ├── sip_header_multi_val.syn │ ├── test.rules │ └── test.yaml ├── sip-method │ ├── README.md │ ├── sip.pcap │ ├── test.rules │ └── test.yaml ├── sip-pattern-matching │ ├── Makefile │ ├── README.md │ ├── sip-pattern-matching.syn │ ├── sip.pcap │ └── test.yaml ├── sip-protocol │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-request-line │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-response-line │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-sdp │ ├── Makefile │ ├── README.md │ ├── sdp.pcap │ ├── sdp.syn │ ├── test.rules │ └── test.yaml ├── sip-stat-code │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-stat-msg │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-body-frames │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-method │ ├── README.md │ ├── sip-tcp.pcap │ ├── sip_client.c │ ├── sip_server.c │ ├── test.rules │ └── test.yaml ├── sip-tcp-pattern-matching │ ├── Makefile │ ├── README.md │ ├── sip-tcp-pattern-matching.syn │ ├── sip.pcap │ └── test.yaml ├── sip-tcp-protocol │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-request-line │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-response-line │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-stat-code │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-stat-msg │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-tcp-uri │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-to │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-uri │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-user-agent │ ├── README.md │ ├── test.rules │ └── test.yaml ├── sip-via │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smb-dce_iface │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── 
smb-dce_opnum │ ├── test.rules │ └── test.yaml ├── smb-eicar-andx │ ├── README.md │ ├── smbandx.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-file-frames │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── smb-eicar-file-nbss-more-ffsmb │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-file-segmentation-postheader │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-file-segmentation-random │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-file │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-overlap │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-eicar-padding │ ├── README.md │ ├── smb1_eicar_andx_write_padding2.pcap │ ├── test.rules │ └── test.yaml ├── smb-filename │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-length-5770 │ ├── README.md │ ├── input.pcap │ ├── proxy_smb2.py │ └── test.yaml ├── smb-length-5786 │ ├── README.md │ ├── input.pcap │ ├── proxy_smb2.py │ └── test.yaml ├── smb-log-conf-01 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── smb-log-conf-02 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── smb-named-pipe-ascii-frames │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── smb-named-pipe-ascii │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb-named-pipe-unicode │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smb-version-keyword-invalid │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smb-version-keyword │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb1-01 │ ├── README.md │ ├── smb1.pcap │ └── test.yaml ├── smb1-02 │ ├── README.md │ ├── smb1_osx.pcap │ └── test.yaml ├── smb1-03-midstream │ ├── README.md │ ├── smb1_osx-s1-midstream-modified.pcap │ ├── test.rules │ └── test.yaml ├── smb2-01 │ ├── README.md │ ├── smb2-peter.pcap │ └── test.yaml ├── smb2-02 │ ├── 
README.md │ └── test.yaml ├── smb2-03-rule │ ├── README.md │ ├── filedata.rules │ ├── smb2.pcap │ └── test.yaml ├── smb2-04 │ ├── 20171220_smb_at_schedule.pcap │ ├── README.md │ ├── test.yaml │ └── test.yaml.old ├── smb2-05 │ ├── 20171220_smb_mimikatz_copy_to_host.pcap │ ├── README.md │ └── test.yaml ├── smb2-06 │ ├── 20171220_smb_net_user.pcap │ ├── README.md │ └── test.yaml ├── smb2-07-frames │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smb2-07 │ ├── 20171220_smb_psexec_add_user.pcap │ ├── README.md │ └── test.yaml ├── smb2-08-rule │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smb2-09-trunc-file-logging │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── smb2-async-read │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb2-async │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb2-delete │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb2-frames-gap-payload-logging-02 │ ├── smb2-peter-minus-p191-p192.pcap │ ├── test.rules │ └── test.yaml ├── smb2-frames-gap-payload-logging │ ├── smb2-peter-minus-p191.pcap │ ├── test.rules │ └── test.yaml ├── smb2-named-pipe-unicode │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smb2-ntlmssp-negotiateflags │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb2-ntlmssp-order │ ├── README.md │ ├── smb2.pcap │ └── test.yaml ├── smb3-01 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb3-02-midstream │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smb3-03-midstream │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-attachment-md5 │ ├── input.pcap │ ├── target.md5 │ ├── test.rules │ └── test.yaml ├── smtp-bug-5981 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── smtp-bug-5989 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-bug-6053 │ ├── Makefile │ ├── README.md │ ├── input.pcap │ ├── smtp-too-long-command.syn │ └── test.yaml ├── smtp-data-rejected │ ├── 10.7.29.101_49898-178.63.41.150_25.pcap │ ├── README.md 
│ ├── suricata.yaml │ └── test.yaml ├── smtp-errors │ ├── README.md │ ├── smtperr.pcap │ └── test.yaml ├── smtp-eve │ ├── test.rules │ └── test.yaml ├── smtp-extract-url-schemes │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── smtp-file-data-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smtp-file-data-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smtp-keywords │ ├── README.md │ ├── test.rules │ └── test.yaml ├── smtp-long-DATA-line-02-frames │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── smtp-long-DATA-line-03-frames-ips │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── smtp-long-DATA-line │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── smtp-long-command │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-md5 │ ├── suricata.yaml │ └── test.yaml ├── smtp-pipelining │ ├── README.md │ ├── client.py │ ├── input.pcap │ └── test.yaml ├── smtp-raw-extraction │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── smtp-rfc2231 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-rset-starttls │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-rset │ ├── README.md │ ├── client.py │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── smtp-startssl │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-tls-protodetect │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── smtp-to-comma │ ├── 10.7.29.101_49898-178.63.41.150_25.pcap │ ├── README.md │ └── test.yaml ├── smtp-url-base64 │ ├── README.md │ ├── smtp-url-b64.pcap │ ├── smtptxtpcap.py │ ├── suricata.yaml │ └── test.yaml ├── smtp-url-schemes-bug-5174 │ ├── README.md │ ├── suricata.yaml │ └── test.yaml ├── smtp │ └── test.yaml ├── snmp-community │ ├── README.md │ ├── test.rules │ └── test.yaml ├── snmp-detection-only │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── snmp-disabled │ ├── README.md │ ├── suricata.yaml │ └── 
test.yaml ├── snmp-pdu-type │ ├── README.md │ ├── test.rules │ └── test.yaml ├── snmp-v2c-get │ ├── README.md │ ├── SNMPv2c_get_requests.pcap │ ├── test.rules │ └── test.yaml ├── snmp-v3-encrypted │ ├── README.md │ ├── SNMPv3.pcap │ ├── min7.rules │ └── test.yaml ├── snmp-v3-unauth │ ├── README.md │ ├── snmp-v3-get-bulk-unauth.pcap │ └── test.yaml ├── ssh-banner-only │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ssh-frames │ ├── README.md │ ├── test.rules │ └── test.yaml ├── ssh-hassh-incomplete │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── ssh-hassh-only │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ssh-hassh-reassembled │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ssh-hassh │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ssh-lua-hassh │ ├── test-ssh-resp.lua │ ├── test-ssh.lua │ ├── test.rules │ └── test.yaml ├── ssh-lua-output │ ├── README.md │ ├── output.lua │ ├── suricata.yaml │ └── test.yaml ├── ssh-lua-rules │ ├── test-ssh.lua │ ├── test.rules │ └── test.yaml ├── ssh-newkeys │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── ssl_version_negated │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── sslv2-tls-upgrade-01 │ ├── ssl-v2-s1.pcap │ ├── test.rules │ └── test.yaml ├── stream-async │ └── http │ │ ├── stream-async-6063-cli-01 │ │ ├── README.md │ │ ├── async-oneside-test.rules │ │ ├── http-request-header-async-cli.pcap │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── stream-async-6063-cli-02 │ │ ├── README.md │ │ ├── async-oneside-test.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── stream-async-6063-cli-03 │ │ ├── README.md │ │ ├── async-oneside-test.rules │ │ ├── suricata.yaml │ │ └── test.yaml │ │ ├── stream-async-6063-srv-01 │ │ ├── README.md │ │ ├── http-request-header-async-srv.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ │ ├── stream-async-6063-srv-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ │ └── 
stream-async-6063-srv-03 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml ├── stream-depth-reached-event │ ├── test.rules │ └── test.yaml ├── streamsize-keyword-02-prefilter │ ├── README.md │ ├── test.rules │ └── test.yaml ├── streamsize-keyword-03-prefilter-pseudo │ ├── README.md │ ├── test.rules │ └── test.yaml ├── streamsize-keyword │ ├── README.md │ ├── test.rules │ └── test.yaml ├── tcp-5379 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── tcp-async-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── tcp-empty-sack │ ├── tcp-opt.pcap │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-01 │ ├── README.md │ ├── test.rules │ ├── test.yaml │ └── tfo.pcap ├── tcp-fastopen-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-03 │ ├── README.md │ ├── test.rules │ ├── test.yaml │ └── tfo.pcap ├── tcp-fastopen-04 │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-05 │ ├── test.rules │ ├── test.yaml │ └── tfo.pcap ├── tcp-fastopen-06 │ ├── README.md │ ├── local.rules │ ├── test.yaml │ └── tfo-s1.pcap ├── tcp-fastopen-07 │ ├── tcp_fastopen_segmentation.pcap │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-08 │ ├── tcp_fastopen_segmentation-s1.pcap │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-09 │ ├── tcp-opt-invalid-warning.pcap │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-10-syn-data-ignore │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── tcp-fastopen-11-reject-syn-data │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ ├── test.yaml │ └── tlpw-tcp-tfo-data-on-syn-nack.pcap ├── tcp-fastopen-12 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── tcp-hdr-keyword │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-mss-keyword │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-protodetect-bailout │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── tcp-rst-unacked-stream-01-raw │ 
├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-02-raw-ips │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-03-gap │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-04-gap-ips │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-05-http-nogap │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-06-http-nogap-ips │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-07-http │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-08-http-ips │ ├── README.md │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── tcp-rst-unacked-stream-09 │ ├── README.md │ ├── TLPW1-tcp-110.37.219.134-10.12.14.101-tcp-990-49230.pcap │ ├── suricata.yaml │ └── test.yaml ├── tcp-rst-unacked-stream-10 │ ├── README.md │ ├── TLPW1-tcp-174.56.47.59-10.3.11.101-tcp-80-49309.pcap │ ├── suricata.yaml │ └── test.yaml ├── tcp-rst-unacked-stream-11 │ ├── README.md │ ├── TLPW1-tcp-47.32.209.86-10.11.23.101-tcp-80-49470.pcap │ ├── suricata.yaml │ └── test.yaml ├── tcp-rst-unacked-stream-12 │ ├── README.md │ ├── TLPW1-tcp-110.37.219.134-10.12.14.101-tcp-990-49254.pcap │ ├── suricata.yaml │ └── test.yaml ├── tcp-split-handshake-01-4whs │ ├── README.md │ ├── split-handshake-4whs.pcap │ ├── split-handshake.py │ ├── test.rules │ └── test.yaml ├── tcp-split-handshake-02-5whs │ ├── README.md │ ├── split-handshake-5whs.pcap │ ├── test.rules │ └── test.yaml ├── tcp-stream-after-swap │ ├── README.md │ ├── http-start-from-response.pcap │ └── test.yaml ├── tcp-urgp-01-oob │ ├── suricata.rules │ ├── tcp-urgent1.pcap │ └── test.yaml ├── tcp-urgp-02-drop-ips │ ├── suricata.rules │ ├── 
tcp-urgent1.pcap │ └── test.yaml ├── tcp-urgp-03-inline │ ├── suricata.rules │ ├── tcp-urgent1.pcap │ └── test.yaml ├── tcp-urgp-04-2byte-XY │ ├── README.md │ ├── suricata.rules │ ├── tcp-urgent-2byte-XY.pcap │ └── test.yaml ├── tcp-urgp-06-oob-within-limit │ ├── suricata.rules │ ├── tcp-urgent-1byte-64k.pcap │ └── test.yaml ├── tcp-urgp-07-oob-exceed-limit │ ├── suricata.rules │ ├── tcp-urgent-1byte-66k.pcap │ └── test.yaml ├── tcp-urgp-08-oob-exceed-limit-gap │ ├── suricata.rules │ ├── tcp-urgent-1byte-66k.pcap │ └── test.yaml ├── tcp-urgp-09-oob-exceed-limit-inline │ ├── suricata.rules │ ├── tcp-urgent-1byte-66k.pcap │ └── test.yaml ├── telnet │ └── telnet-01 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── telnet.pcap │ │ ├── test.rules │ │ └── test.yaml ├── test-bad-byte-extract-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-byte-extract-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-content-dsize-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-content-dsize-rule-3 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-content-quotes-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-depth-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-distance-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-distance-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-within-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-depth-within-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-dsize-offset-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-dsize-range-offset-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-dsize-range-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── 
test-bad-hex-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-hex-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-hex-rule-3 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-http-host-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-http-host-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-negate-fast-pattern-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-offset-distance-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-offset-offset-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-offset-within-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-quotation-marks-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-relative-keyword-fast-pattern-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-semicolon-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-semicolon-rule-2 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bad-within-within-rule-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-bsize-values-1 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── test-bsize-values-2 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── test-config-empty-rule-file │ ├── README.md │ ├── empty.rules │ ├── suricata.yaml │ └── test.yaml ├── test-content-limits-1 │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── test-dsize-values │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── test-ruleparse-etopen-01 │ ├── README.md │ ├── classification.config │ ├── emerging-all.rules │ ├── test.yaml │ └── threshold.config ├── test-unreachable-distance-1 │ ├── test.rules │ └── test.yaml ├── test-valid-json │ ├── pawpatrules.rules │ ├── suricata.yaml │ └── test.yaml ├── tftp-tx-handling-rrq │ └── test.yaml ├── tftp-tx-handling-wrq │ ├── input.pcap │ └── 
test.yaml ├── threshold-config-byrule │ ├── README.md │ ├── input.rules │ ├── test.yaml │ └── threshold.config ├── threshold-config-validate-01 │ ├── test.rules │ ├── test.yaml │ └── threshold.config ├── threshold-config-validate-02 │ ├── test.rules │ ├── test.yaml │ └── threshold.config ├── threshold │ ├── detection_filter-rule-flow │ │ ├── test.rules │ │ └── test.yaml │ ├── detection_filter-rule-hostsrc │ │ ├── test.rules │ │ └── test.yaml │ ├── threshold-config-rate-filter-alert-flow │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-alert-hostdst │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-alert-hostsrc │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-alert-pair │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-alert-rule │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-drop-hostdst │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-drop-hostsrc │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-drop-ippair │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-drop-rule │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-pass-hostdst │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-pass-hostsrc │ │ 
├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-pass-pair │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-pass-rule │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-reject-hostdst │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-reject-hostsrc │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-reject-pair │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-rate-filter-reject-rule │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bydst-ip │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bydst-ipsubnet │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bydst-ipvar │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-byeither-ip │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-byeither-ipsubnet │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-byeither-ipvar │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bysrc-ip │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ 
├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bysrc-ipsubnet │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-suppress-bysrc-ipvar │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-threshold-both-flow │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-threshold-limit-flow │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-config-threshold-threshold-flow │ │ ├── README.md │ │ ├── input.rules │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── threshold.config │ ├── threshold-rule-flow-backoff-single-flow │ │ ├── test.rules │ │ └── test.yaml │ ├── threshold-rule-flow-backoff │ │ ├── test.rules │ │ └── test.yaml │ └── threshold-rule-flow │ │ ├── README.md │ │ ├── icmp.pcap │ │ ├── test.rules │ │ └── test.yaml ├── tls-alpn-client-log-01 │ └── test.yaml ├── tls-alpn-log-detect-02 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── tls-duplicate-hello │ ├── README.md │ ├── cli.py │ ├── input.pcap │ ├── srv.go │ ├── test.rules │ └── test.yaml ├── tls-extra-alert-engine-analysis │ ├── README.md │ ├── test.rules │ └── test.yaml ├── tls-extra-alert │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── tls │ ├── bug-7286-tls-metadata-01 │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── bug-7286-tls-metadata-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── tls-altname-zero │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-bypass-missing-event │ │ ├── test.rules │ │ ├── test.yaml │ │ └── tor_bl.pcap │ ├── tls-cert-chain-len │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-cert-issuer │ │ ├── test.yaml │ │ ├── tls.pcap │ │ └── 
tls.rules │ ├── tls-cert-noissuer │ │ ├── README.md │ │ ├── test.yaml │ │ ├── tls.pcap │ │ └── tls.rules │ ├── tls-certs-alert │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-client-cert-01 │ │ ├── test.yaml │ │ └── tls.rules │ ├── tls-client-hello-frag-01 │ │ ├── dump_mtu300.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-eve-custom-fields │ │ ├── README.md │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── tls-fin-close-data-01 │ │ ├── debug-s13.pcap │ │ └── test.yaml │ ├── tls-fingerprint-alert │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-glupteba-mb │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-glupteba │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-issuerdn │ │ ├── README │ │ ├── test.yaml │ │ └── tls.rules │ ├── tls-ja3s-pre8 │ │ ├── suricata.yaml │ │ ├── test-ja3s-hash.lua │ │ ├── test-ja3s-string.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-ja3s-requires-off │ │ ├── suricata.yaml │ │ ├── test-ja3s-hash.lua │ │ ├── test-ja3s-string.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-ja3s-requires │ │ ├── suricata.yaml │ │ ├── test-ja3s-hash.lua │ │ ├── test-ja3s-string.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-ja3s │ │ ├── suricata.yaml │ │ ├── test-ja3s-hash.lua │ │ ├── test-ja3s-string.lua │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-json-output-ids │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── tls-json-output-ips │ │ ├── suricata.yaml │ │ └── test.yaml │ ├── tls-pre-1970 │ │ ├── README.md │ │ ├── input.pcap │ │ └── test.yaml │ ├── tls-random-6989 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-random │ │ ├── README │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── tls-store-01 │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls.rules │ ├── tls-store-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ ├── tls-client-auth.pcap 
│ │ └── tls.rules │ ├── tls-subject │ │ ├── README │ │ ├── test.yaml │ │ └── tls.rules │ ├── tls-subjectaltname │ │ ├── README │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ ├── tls13-draft14 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft14.pcap │ ├── tls13-draft18 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft18.pcap │ ├── tls13-draft19 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft19.pcap │ ├── tls13-draft22 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft22.pcap │ ├── tls13-draft23 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft23.pcap │ ├── tls13-draft28-frames │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ └── test.yaml │ └── tls13-draft28 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.yaml │ │ └── tls13_draft28.pcap ├── transform-base64-7296 │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── transform-header-lowercase │ ├── README.md │ ├── test.rules │ └── test.yaml ├── transform-strip-pseudo-headers │ ├── README.md │ ├── test.rules │ └── test.yaml ├── truncate-applayer-test-01 │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml ├── truncate-applayer-test-02 │ ├── README.md │ ├── test.rules │ └── test.yaml ├── udp-5379 │ ├── udp-hlen-invalid-non-strict │ │ ├── README.md │ │ ├── test.rules │ │ └── test.yaml │ ├── udp-hlen-invalid-strict │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ ├── udp-len-invalid │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml │ └── udp-trailing-data │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ └── test.yaml ├── udp-hdr-keyword │ ├── input.pcap │ ├── test.rules │ ├── test.yaml │ └── writepcap.py ├── uricontent │ ├── detect-uricontent-01 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ 
└── writepcap.py │ ├── detect-uricontent-02 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-uricontent-03 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-uricontent-04 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-uricontent-05 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── detect-uricontent-06 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ └── detect-uricontent-07 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py ├── ut-complete │ └── test.yaml ├── ut-leakcheck │ └── test.yaml ├── util-action-tests │ ├── util-action-01 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-02 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-03 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-04 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-05 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-06 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-07 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-08 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-09 │ │ ├── README.md │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-10 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── test.rules │ │ ├── test.yaml │ │ └── 
writepcap.py │ ├── util-action-11 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-12 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-13 │ │ ├── README.md │ │ ├── input.pcap │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-14 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ ├── util-action-15 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py │ └── util-action-16 │ │ ├── README.md │ │ ├── suricata.yaml │ │ ├── test.rules │ │ ├── test.yaml │ │ └── writepcap.py ├── vxlan-decoder-01 │ ├── README.md │ ├── input.pcap │ └── test.yaml ├── vxlan-decoder-02 │ ├── README.md │ ├── test.rules │ ├── test.yaml │ └── vxlan.pcap ├── vxlan-decoder-03 │ ├── README.md │ ├── test.yaml │ └── vxlan.pcap ├── vxlan-decoder-04 │ ├── README.md │ ├── suricata.yaml │ ├── test.rules │ └── test.yaml ├── vxlan-non-zero-reserved-fields │ ├── README.md │ ├── input.pcap │ ├── suricata.yaml │ └── test.yaml ├── websocket-compressed │ ├── README.md │ ├── example_websocket.pcap │ ├── test.rules │ └── test.yaml ├── websocket-ping │ ├── README.md │ ├── input.pcap │ ├── test.rules │ └── test.yaml └── websocket │ ├── README.md │ ├── basic_websockets.pcap │ ├── test.rules │ └── test.yaml └── util └── functions.sh /.github/workflows/builds.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/.github/workflows/builds.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/.gitignore 
-------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/README.md -------------------------------------------------------------------------------- /check-eve.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/check-eve.py -------------------------------------------------------------------------------- /clean.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/clean.sh -------------------------------------------------------------------------------- /createst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/createst.py -------------------------------------------------------------------------------- /etc/classification.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/etc/classification.config -------------------------------------------------------------------------------- /etc/reference.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/etc/reference.config -------------------------------------------------------------------------------- /etc/suricata-3.1.2.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/etc/suricata-3.1.2.yaml -------------------------------------------------------------------------------- /etc/suricata-4.0.3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/etc/suricata-4.0.3.yaml -------------------------------------------------------------------------------- /eve-validator/.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | -------------------------------------------------------------------------------- /eve-validator/Cargo.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/eve-validator/Cargo.lock -------------------------------------------------------------------------------- /eve-validator/Cargo.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/eve-validator/Cargo.toml -------------------------------------------------------------------------------- /eve-validator/src/main.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/eve-validator/src/main.rs -------------------------------------------------------------------------------- /pcap-check.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/pcap-check.sh -------------------------------------------------------------------------------- /pcapng-check.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/pcapng-check.sh -------------------------------------------------------------------------------- 
/pcaps/20250129-dns-with-additionals.pcap.txt: -------------------------------------------------------------------------------- 1 | PCAP created by Jason Ish for the purpose of testing DNS keywords. 2 | -------------------------------------------------------------------------------- /pcaps/20250221-dns-ptr.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/pcaps/20250221-dns-ptr.pcap -------------------------------------------------------------------------------- /pcaps/20250221-dns-ptr.pcap.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/pcaps/20250221-dns-ptr.pcap.txt -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pyyaml 2 | -------------------------------------------------------------------------------- /run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/run.py -------------------------------------------------------------------------------- /tests/alert-testmyids/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/alert-testmyids/test.yaml -------------------------------------------------------------------------------- /tests/base64/README.md: -------------------------------------------------------------------------------- 1 | Match on base64 operations. 
2 | -------------------------------------------------------------------------------- /tests/base64/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/base64/input.pcap -------------------------------------------------------------------------------- /tests/base64/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/base64/test.rules -------------------------------------------------------------------------------- /tests/base64/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/base64/test.yaml -------------------------------------------------------------------------------- /tests/bittorrent-dht/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bittorrent-dht/input.pcap -------------------------------------------------------------------------------- /tests/bittorrent-dht/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bittorrent-dht/test.yaml -------------------------------------------------------------------------------- /tests/bug-1045/smtp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1045/smtp.rules -------------------------------------------------------------------------------- /tests/bug-1045/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1045/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-130/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-130/input.pcap -------------------------------------------------------------------------------- /tests/bug-130/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-130/test.rules -------------------------------------------------------------------------------- /tests/bug-130/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-130/test.yaml -------------------------------------------------------------------------------- /tests/bug-1401-01/1.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-01/1.rules -------------------------------------------------------------------------------- /tests/bug-1401-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-1401-02/2.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-02/2.rules -------------------------------------------------------------------------------- /tests/bug-1401-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-02/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-1401-03/1.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-03/1.rules -------------------------------------------------------------------------------- /tests/bug-1401-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-1401-04/2.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-04/2.rules -------------------------------------------------------------------------------- /tests/bug-1401-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1401-04/test.yaml -------------------------------------------------------------------------------- /tests/bug-1449-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1449-01/README.md -------------------------------------------------------------------------------- /tests/bug-1449-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1449-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-1450-02/README.md: -------------------------------------------------------------------------------- 1 | Pcap generated by Pierre Chifflier 2 | -------------------------------------------------------------------------------- 
/tests/bug-1450-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1450-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-1450-03/README.md: -------------------------------------------------------------------------------- 1 | Pcap generated by Pierre Chifflier 2 | -------------------------------------------------------------------------------- /tests/bug-1450-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1450-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-1450-04/README.md: -------------------------------------------------------------------------------- 1 | Pcap generated by Pierre Chifflier 2 | -------------------------------------------------------------------------------- /tests/bug-1450-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1450-04/test.yaml -------------------------------------------------------------------------------- /tests/bug-1450-05/README.md: -------------------------------------------------------------------------------- 1 | Pcap generated by Pierre Chifflier 2 | -------------------------------------------------------------------------------- /tests/bug-1450-05/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-1450-05/test.yaml -------------------------------------------------------------------------------- /tests/bug-2158/dns.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2158/dns.rules -------------------------------------------------------------------------------- /tests/bug-2158/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2158/test.yaml -------------------------------------------------------------------------------- /tests/bug-2190/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2190/input.pcap -------------------------------------------------------------------------------- /tests/bug-2190/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2190/test.rules -------------------------------------------------------------------------------- /tests/bug-2190/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2190/test.yaml -------------------------------------------------------------------------------- /tests/bug-2190/threshold.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2190/threshold.config -------------------------------------------------------------------------------- /tests/bug-2430/backwards.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2430/backwards.pcap -------------------------------------------------------------------------------- /tests/bug-2430/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2430/test.yaml -------------------------------------------------------------------------------- /tests/bug-2482-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2482-01/test.rules -------------------------------------------------------------------------------- /tests/bug-2482-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2482-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2491-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2491-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2491-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2491-02/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-2491-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2491-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-2511/1.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2511/1.rules -------------------------------------------------------------------------------- /tests/bug-2511/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2511/test.yaml -------------------------------------------------------------------------------- /tests/bug-2512/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2512/test.yaml -------------------------------------------------------------------------------- /tests/bug-2558-01/1.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2558-01/1.rules -------------------------------------------------------------------------------- /tests/bug-2558-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2558-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2558-02/1.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2558-02/1.rules -------------------------------------------------------------------------------- /tests/bug-2558-02/2008.mp4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2558-02/2008.mp4.pcap -------------------------------------------------------------------------------- /tests/bug-2558-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2558-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-01-ips/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | 
-------------------------------------------------------------------------------- /tests/bug-2576-01-ips/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-01-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-01/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-01/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-01/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-2576-01/temp6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-01/temp6.pcap -------------------------------------------------------------------------------- /tests/bug-2576-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-01/test.rules -------------------------------------------------------------------------------- /tests/bug-2576-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-02-ips/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- 
/tests/bug-2576-02-ips/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-02-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-02/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-02/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-2576-02/temp1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-02/temp1.pcap -------------------------------------------------------------------------------- /tests/bug-2576-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-02/test.rules -------------------------------------------------------------------------------- /tests/bug-2576-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-03-ips/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-03-ips/test.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-03-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-03/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-03/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-03/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-2576-03/temp6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-03/temp6.pcap -------------------------------------------------------------------------------- /tests/bug-2576-03/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-03/test.rules -------------------------------------------------------------------------------- /tests/bug-2576-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-04-ips/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-04-ips/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-04-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-2576-04/md5list.2576: -------------------------------------------------------------------------------- 1 | 090fe607a5be1228362614ccaa088577 2 | -------------------------------------------------------------------------------- /tests/bug-2576-04/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-04/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-2576-04/temp6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-04/temp6.pcap -------------------------------------------------------------------------------- /tests/bug-2576-04/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-04/test.rules -------------------------------------------------------------------------------- /tests/bug-2576-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2576-04/test.yaml -------------------------------------------------------------------------------- /tests/bug-2646-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2646-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-2646-01/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2646-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2646-02/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2646-02/input.pcap -------------------------------------------------------------------------------- /tests/bug-2646-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2646-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-2736-01/23_6594.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2736-01/23_6594.pcap -------------------------------------------------------------------------------- /tests/bug-2736-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2736-01/test.rules -------------------------------------------------------------------------------- /tests/bug-2736-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2736-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-2736-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2736-02/test.rules -------------------------------------------------------------------------------- /tests/bug-2736-02/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2736-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-2769/README: -------------------------------------------------------------------------------- 1 | Pcap from https://redmine.openinfosecfoundation.org/issues/2769 2 | -------------------------------------------------------------------------------- /tests/bug-2769/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2769/test.rules -------------------------------------------------------------------------------- /tests/bug-2769/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2769/test.yaml -------------------------------------------------------------------------------- /tests/bug-28/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-28/input.pcap -------------------------------------------------------------------------------- /tests/bug-28/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-28/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-28/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-28/test.rules -------------------------------------------------------------------------------- /tests/bug-28/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-28/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-2917/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2917/README.md -------------------------------------------------------------------------------- /tests/bug-2917/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2917/test.rules -------------------------------------------------------------------------------- /tests/bug-2917/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-2917/test.yaml -------------------------------------------------------------------------------- /tests/bug-3463/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3463/test.rules -------------------------------------------------------------------------------- /tests/bug-3463/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3463/test.yaml -------------------------------------------------------------------------------- /tests/bug-3490/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3490/test.rules -------------------------------------------------------------------------------- /tests/bug-3490/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3490/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-3515/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3515/test.rules -------------------------------------------------------------------------------- /tests/bug-3515/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3515/test.yaml -------------------------------------------------------------------------------- /tests/bug-3519/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3519/input.pcap -------------------------------------------------------------------------------- /tests/bug-3519/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3519/test.yaml -------------------------------------------------------------------------------- /tests/bug-3616-ips/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-ips/input.pcap -------------------------------------------------------------------------------- /tests/bug-3616-ips/input.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-ips/input.rules -------------------------------------------------------------------------------- /tests/bug-3616-ips/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-ips/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-3616-smtp/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-smtp/input.pcap -------------------------------------------------------------------------------- /tests/bug-3616-smtp/input.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-smtp/input.rules -------------------------------------------------------------------------------- /tests/bug-3616-smtp/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616-smtp/test.yaml -------------------------------------------------------------------------------- /tests/bug-3616/input.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616/input.rules -------------------------------------------------------------------------------- /tests/bug-3616/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3616/test.yaml -------------------------------------------------------------------------------- /tests/bug-3844/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3844/input.pcap -------------------------------------------------------------------------------- /tests/bug-3844/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3844/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-3844/writepcap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-3844/writepcap.py -------------------------------------------------------------------------------- /tests/bug-4199-2/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-2/input.pcap -------------------------------------------------------------------------------- /tests/bug-4199-2/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-2/test.rules -------------------------------------------------------------------------------- /tests/bug-4199-2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-2/test.yaml -------------------------------------------------------------------------------- /tests/bug-4199-3/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-3/test.rules -------------------------------------------------------------------------------- /tests/bug-4199-3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-3/test.yaml -------------------------------------------------------------------------------- /tests/bug-4199-4/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-4/input.pcap 
-------------------------------------------------------------------------------- /tests/bug-4199-4/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-4/test.rules -------------------------------------------------------------------------------- /tests/bug-4199-4/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199-4/test.yaml -------------------------------------------------------------------------------- /tests/bug-4199/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199/test.rules -------------------------------------------------------------------------------- /tests/bug-4199/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4199/test.yaml -------------------------------------------------------------------------------- /tests/bug-4376/README.md: -------------------------------------------------------------------------------- 1 | PCAP from https://redmine.openinfosecfoundation.org/issues/4376 2 | -------------------------------------------------------------------------------- /tests/bug-4376/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4376/test.rules -------------------------------------------------------------------------------- /tests/bug-4376/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4376/test.yaml -------------------------------------------------------------------------------- 
/tests/bug-4503/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4503/input.pcap -------------------------------------------------------------------------------- /tests/bug-4503/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4503/test.rules -------------------------------------------------------------------------------- /tests/bug-4503/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4503/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-01/README.md -------------------------------------------------------------------------------- /tests/bug-4571-01/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-01/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-01/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-02/README.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-02/README.md -------------------------------------------------------------------------------- /tests/bug-4571-02/ipv6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-02/ipv6.pcap -------------------------------------------------------------------------------- /tests/bug-4571-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-02/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-02/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-03/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-03/README.md -------------------------------------------------------------------------------- /tests/bug-4571-03/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-03/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-03/test.rules: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-03/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-04/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-04/README.md -------------------------------------------------------------------------------- /tests/bug-4571-04/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-04/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-04/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-04/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-04/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-05/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-05/README.md -------------------------------------------------------------------------------- /tests/bug-4571-05/ipv4.pcap: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-05/ipv4.pcap -------------------------------------------------------------------------------- /tests/bug-4571-05/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-05/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-05/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-05/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-05/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-05/test.yaml -------------------------------------------------------------------------------- /tests/bug-4571-06/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-06/README.md -------------------------------------------------------------------------------- /tests/bug-4571-06/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-06/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4571-06/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-06/test.rules -------------------------------------------------------------------------------- /tests/bug-4571-06/test.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4571-06/test.yaml -------------------------------------------------------------------------------- /tests/bug-4623/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4623/input.pcap -------------------------------------------------------------------------------- /tests/bug-4623/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4623/test.rules -------------------------------------------------------------------------------- /tests/bug-4623/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4623/test.yaml -------------------------------------------------------------------------------- /tests/bug-4663-02/icmp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-02/icmp.pcap -------------------------------------------------------------------------------- /tests/bug-4663-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-02/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4663-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-02/test.rules -------------------------------------------------------------------------------- /tests/bug-4663-02/test.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-4663-03/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-03/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4663-03/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-03/test.rules -------------------------------------------------------------------------------- /tests/bug-4663-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-4663/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663/README.md -------------------------------------------------------------------------------- /tests/bug-4663/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663/input.pcap -------------------------------------------------------------------------------- /tests/bug-4663/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4663/test.rules: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663/test.rules -------------------------------------------------------------------------------- /tests/bug-4663/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4663/test.yaml -------------------------------------------------------------------------------- /tests/bug-4702-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4702-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-4702-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4702-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-4702-01/writepcap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4702-01/writepcap.py -------------------------------------------------------------------------------- /tests/bug-4702-02/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from https://redmine.openinfosecfoundation.org/issues/4702 5 | -------------------------------------------------------------------------------- /tests/bug-4702-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4702-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-4702-02/tsecr.pcap: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4702-02/tsecr.pcap -------------------------------------------------------------------------------- /tests/bug-4810/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4810/README.md -------------------------------------------------------------------------------- /tests/bug-4810/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4810/test.yaml -------------------------------------------------------------------------------- /tests/bug-4877/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4877/input.pcap -------------------------------------------------------------------------------- /tests/bug-4877/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4877/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-4877/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4877/test.rules -------------------------------------------------------------------------------- /tests/bug-4877/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4877/test.yaml -------------------------------------------------------------------------------- /tests/bug-4953/README.md: 
-------------------------------------------------------------------------------- 1 | Pcap from https://www.malware-traffic-analysis.net/ 2 | -------------------------------------------------------------------------------- /tests/bug-4953/file76.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4953/file76.pcap -------------------------------------------------------------------------------- /tests/bug-4953/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-4953/test.yaml -------------------------------------------------------------------------------- /tests/bug-5162/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5162/README.md -------------------------------------------------------------------------------- /tests/bug-5162/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5162/input.pcap -------------------------------------------------------------------------------- /tests/bug-5162/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5162/test.rules -------------------------------------------------------------------------------- /tests/bug-5162/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5162/test.yaml -------------------------------------------------------------------------------- /tests/bug-5197/README.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5197/README.md -------------------------------------------------------------------------------- /tests/bug-5197/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5197/input.pcap -------------------------------------------------------------------------------- /tests/bug-5197/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5197/test.rules -------------------------------------------------------------------------------- /tests/bug-5197/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5197/test.yaml -------------------------------------------------------------------------------- /tests/bug-5198/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5198/README.md -------------------------------------------------------------------------------- /tests/bug-5198/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5198/test.yaml -------------------------------------------------------------------------------- /tests/bug-5392/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5392/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-5392/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5392/test.yaml -------------------------------------------------------------------------------- /tests/bug-5437-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-01/README.md -------------------------------------------------------------------------------- /tests/bug-5437-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-5437-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-01/test.rules -------------------------------------------------------------------------------- /tests/bug-5437-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-5437-02/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-02/README.md -------------------------------------------------------------------------------- /tests/bug-5437-02/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-02/input.pcap -------------------------------------------------------------------------------- /tests/bug-5437-02/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-02/test.rules -------------------------------------------------------------------------------- /tests/bug-5437-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5437-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-5486/154.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5486/154.pcap -------------------------------------------------------------------------------- /tests/bug-5486/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5486/README.md -------------------------------------------------------------------------------- /tests/bug-5486/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5486/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-5486/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5486/test.yaml -------------------------------------------------------------------------------- /tests/bug-5633-gre-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5633-gre-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-5633-gre-02/README.md: -------------------------------------------------------------------------------- 1 | Pcap from 
https://redmine.openinfosecfoundation.org/issues/5633 2 | -------------------------------------------------------------------------------- /tests/bug-5633-gre-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5633-gre-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-5758/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5758/input.pcap -------------------------------------------------------------------------------- /tests/bug-5758/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5758/test.rules -------------------------------------------------------------------------------- /tests/bug-5758/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5758/test.yaml -------------------------------------------------------------------------------- /tests/bug-5802/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5802/README.md -------------------------------------------------------------------------------- /tests/bug-5802/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5802/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-5802/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5802/test.rules -------------------------------------------------------------------------------- /tests/bug-5802/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5802/test.yaml -------------------------------------------------------------------------------- /tests/bug-5881-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5881-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-5881-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5881-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-5929-01/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from https://redmine.openinfosecfoundation.org/issues/5929 5 | -------------------------------------------------------------------------------- /tests/bug-5929-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5929-01/test.rules -------------------------------------------------------------------------------- /tests/bug-5929-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5929-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-5929-02/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5929-02/test.rules -------------------------------------------------------------------------------- /tests/bug-5929-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-5929-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-6191/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6191/README.md -------------------------------------------------------------------------------- /tests/bug-6191/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6191/input.pcap -------------------------------------------------------------------------------- /tests/bug-6191/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6191/test.yaml -------------------------------------------------------------------------------- /tests/bug-6207-1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-1/README.md -------------------------------------------------------------------------------- /tests/bug-6207-1/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-1/input.pcap -------------------------------------------------------------------------------- /tests/bug-6207-1/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-1/test.yaml -------------------------------------------------------------------------------- /tests/bug-6207-2/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-2/README.md -------------------------------------------------------------------------------- /tests/bug-6207-2/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-2/input.pcap -------------------------------------------------------------------------------- /tests/bug-6207-2/suricata.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-2/suricata.rules -------------------------------------------------------------------------------- /tests/bug-6207-2/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-2/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-6207-2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6207-2/test.yaml -------------------------------------------------------------------------------- /tests/bug-6269-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6269-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-6269-01/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6269-01/test.rules -------------------------------------------------------------------------------- /tests/bug-6269-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6269-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-6269-02-ips/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6269-02-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-6278-1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6278-1/README.md -------------------------------------------------------------------------------- /tests/bug-6278-1/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | 4 | run-as: 5 | user: totally-not-existing-user 6 | -------------------------------------------------------------------------------- /tests/bug-6278-1/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6278-1/test.yaml -------------------------------------------------------------------------------- /tests/bug-6278-2/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6278-2/README.md -------------------------------------------------------------------------------- /tests/bug-6278-2/suricata.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6278-2/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-6278-2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6278-2/test.yaml -------------------------------------------------------------------------------- /tests/bug-6402-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6402-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-6402-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6402-01/test.rules -------------------------------------------------------------------------------- /tests/bug-6402-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6402-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-6617/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6617/README.md -------------------------------------------------------------------------------- /tests/bug-6617/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6617/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-6617/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6617/test.rules -------------------------------------------------------------------------------- /tests/bug-6617/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6617/test.yaml -------------------------------------------------------------------------------- /tests/bug-6859/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6859/README.md -------------------------------------------------------------------------------- /tests/bug-6859/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6859/test.rules -------------------------------------------------------------------------------- /tests/bug-6859/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6859/test.yaml -------------------------------------------------------------------------------- /tests/bug-6875-01/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | Pcap from https://redmine.openinfosecfoundation.org/issues/6875 4 | -------------------------------------------------------------------------------- /tests/bug-6875-01/fuzz.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6875-01/fuzz.pcap -------------------------------------------------------------------------------- /tests/bug-6875-01/suricata.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6875-01/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-6875-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6875-01/test.rules -------------------------------------------------------------------------------- /tests/bug-6875-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-6875-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-7126/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7126/README.md -------------------------------------------------------------------------------- /tests/bug-7126/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7126/input.pcap -------------------------------------------------------------------------------- /tests/bug-7126/input.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7126/input.rules -------------------------------------------------------------------------------- /tests/bug-7126/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7126/test.yaml -------------------------------------------------------------------------------- /tests/bug-7199/README.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7199/README.md -------------------------------------------------------------------------------- /tests/bug-7199/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7199/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-7199/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7199/test.rules -------------------------------------------------------------------------------- /tests/bug-7199/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7199/test.yaml -------------------------------------------------------------------------------- /tests/bug-7389/README.md: -------------------------------------------------------------------------------- 1 | Ensure that extra `-v` switches don't reset verbose level 2 | -------------------------------------------------------------------------------- /tests/bug-7389/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7389/input.pcap -------------------------------------------------------------------------------- /tests/bug-7389/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7389/test.yaml -------------------------------------------------------------------------------- /tests/bug-7390/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7390/README.md 
-------------------------------------------------------------------------------- /tests/bug-7390/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7390/input.pcap -------------------------------------------------------------------------------- /tests/bug-7390/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7390/test.rules -------------------------------------------------------------------------------- /tests/bug-7390/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7390/test.yaml -------------------------------------------------------------------------------- /tests/bug-7549-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-01/README.md -------------------------------------------------------------------------------- /tests/bug-7549-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-01/input.pcap -------------------------------------------------------------------------------- /tests/bug-7549-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-01/test.rules -------------------------------------------------------------------------------- /tests/bug-7549-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-01/test.yaml 
-------------------------------------------------------------------------------- /tests/bug-7549-02/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-02/README.md -------------------------------------------------------------------------------- /tests/bug-7549-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-02/test.rules -------------------------------------------------------------------------------- /tests/bug-7549-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7549-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-76/README.md: -------------------------------------------------------------------------------- 1 | PCAP from https://redmine.openinfosecfoundation.org/issues/76 2 | -------------------------------------------------------------------------------- /tests/bug-76/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-76/input.pcap -------------------------------------------------------------------------------- /tests/bug-76/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-76/test.yaml -------------------------------------------------------------------------------- /tests/bug-7657-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7657-01/input.pcap 
-------------------------------------------------------------------------------- /tests/bug-7657-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7657-01/test.rules -------------------------------------------------------------------------------- /tests/bug-7657-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7657-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-7657-02-ips/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7657-02-ips/test.yaml -------------------------------------------------------------------------------- /tests/bug-7725-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-01/README.md -------------------------------------------------------------------------------- /tests/bug-7725-01/ip_in_ip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-01/ip_in_ip.pcap -------------------------------------------------------------------------------- /tests/bug-7725-01/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-01/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-7725-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-01/test.rules 
-------------------------------------------------------------------------------- /tests/bug-7725-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-7725-02/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-02/README.md -------------------------------------------------------------------------------- /tests/bug-7725-02/ip_in_ip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-02/ip_in_ip.pcap -------------------------------------------------------------------------------- /tests/bug-7725-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-02/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-7725-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-02/test.rules -------------------------------------------------------------------------------- /tests/bug-7725-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-7725-03/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-03/README.md 
-------------------------------------------------------------------------------- /tests/bug-7725-03/ip_in_ip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-03/ip_in_ip.pcap -------------------------------------------------------------------------------- /tests/bug-7725-03/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-03/suricata.yaml -------------------------------------------------------------------------------- /tests/bug-7725-03/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-03/test.rules -------------------------------------------------------------------------------- /tests/bug-7725-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-03/test.yaml -------------------------------------------------------------------------------- /tests/bug-7725-04/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-04/README.md -------------------------------------------------------------------------------- /tests/bug-7725-04/ip_in_ip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-04/ip_in_ip.pcap -------------------------------------------------------------------------------- /tests/bug-7725-04/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-04/suricata.yaml 
-------------------------------------------------------------------------------- /tests/bug-7725-04/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-04/test.rules -------------------------------------------------------------------------------- /tests/bug-7725-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7725-04/test.yaml -------------------------------------------------------------------------------- /tests/bug-78-http-uri/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-78-http-uri/README -------------------------------------------------------------------------------- /tests/bug-7964-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-01/README.md -------------------------------------------------------------------------------- /tests/bug-7964-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-01/test.rules -------------------------------------------------------------------------------- /tests/bug-7964-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-01/test.yaml -------------------------------------------------------------------------------- /tests/bug-7964-02/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-02/README.md 
-------------------------------------------------------------------------------- /tests/bug-7964-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-02/test.rules -------------------------------------------------------------------------------- /tests/bug-7964-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-7964-02/test.yaml -------------------------------------------------------------------------------- /tests/bug-814/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-814/input.pcap -------------------------------------------------------------------------------- /tests/bug-814/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-814/test.rules -------------------------------------------------------------------------------- /tests/bug-814/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/bug-814/test.yaml -------------------------------------------------------------------------------- /tests/classification-config-validate-01/classification.config: -------------------------------------------------------------------------------- 1 | this is not correct 2 | -------------------------------------------------------------------------------- /tests/classification-config-validate-02/classification.config: -------------------------------------------------------------------------------- 1 | this is not correct 2 | -------------------------------------------------------------------------------- 
/tests/community-id-ipv4/README.md: -------------------------------------------------------------------------------- 1 | # Test Description 2 | 3 | Community ID for IPv4 test. 4 | -------------------------------------------------------------------------------- /tests/content-incomplete-hex-t-version-6-strict/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | -------------------------------------------------------------------------------- /tests/content-incomplete-hex-t-version-7-init-errors-fatal/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | -------------------------------------------------------------------------------- /tests/content-incomplete-hex-t-version-7-plus/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | -------------------------------------------------------------------------------- /tests/datajson/datajson-07-dataset/host.lst: -------------------------------------------------------------------------------- 1 | d3d3LnRlc3RteWlkcy5jb20= 2 | -------------------------------------------------------------------------------- /tests/datajson/datajson-07-dataset/ip.lst: -------------------------------------------------------------------------------- 1 | 10.16.1.11 2 | -------------------------------------------------------------------------------- /tests/datarep-01/dns_string.rep: -------------------------------------------------------------------------------- 1 | Z29vZ2xlLmNvbQ==,255 2 | -------------------------------------------------------------------------------- /tests/datarep-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datarep-01/input.pcap -------------------------------------------------------------------------------- 
/tests/datarep-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datarep-01/test.yaml -------------------------------------------------------------------------------- /tests/datarep-02/dns_md5.rep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datarep-02/dns_md5.rep -------------------------------------------------------------------------------- /tests/datarep-02/dns_string.rep: -------------------------------------------------------------------------------- 1 | Z29vZ2xlLmNvbQ==,255 2 | -------------------------------------------------------------------------------- /tests/datarep-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datarep-02/test.yaml -------------------------------------------------------------------------------- /tests/datasets-01/expected/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83LjQzLjA= 2 | -------------------------------------------------------------------------------- /tests/datasets-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datasets-01/test.rules -------------------------------------------------------------------------------- /tests/datasets-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/datasets-01/test.yaml -------------------------------------------------------------------------------- /tests/datasets-02-load/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83LjQzLjA= 2 | 
-------------------------------------------------------------------------------- /tests/datasets-05-state/expected/state.csv: -------------------------------------------------------------------------------- 1 | ZXhhbXBsZS5jb20= 2 | -------------------------------------------------------------------------------- /tests/datasets-07-state-ip/expected/state.csv: -------------------------------------------------------------------------------- 1 | 1.2.3.4 2 | -------------------------------------------------------------------------------- /tests/datasets-09-load/datasets-ip.csv: -------------------------------------------------------------------------------- 1 | ::ffff:82.165.177.154 2 | -------------------------------------------------------------------------------- /tests/datasets-09-load/datasets-ipv4.csv: -------------------------------------------------------------------------------- 1 | 82.165.177.154 2 | -------------------------------------------------------------------------------- /tests/datasets-10-unset/expected/after.csv: -------------------------------------------------------------------------------- 1 | dXNlcmFnZW50Mg== 2 | -------------------------------------------------------------------------------- /tests/datasets-invalid-encoding/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83Lj!QzLjA= 2 | -------------------------------------------------------------------------------- /tests/datasets-memcap-01/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83LjQzLjA= 2 | -------------------------------------------------------------------------------- /tests/datasets-memcap-02/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83LjQzLjA= 2 | -------------------------------------------------------------------------------- /tests/datasets/datarep-bad-datarep-string/dns_string.rep: 
-------------------------------------------------------------------------------- 1 | Z29vZ2xlLm;NvbQ==,1 2 | -------------------------------------------------------------------------------- /tests/datasets/datarep-bad-datarep-value/dns_string.rep: -------------------------------------------------------------------------------- 1 | Z29vZ2xlLmNvbQ==,-1 2 | -------------------------------------------------------------------------------- /tests/datasets/datarep-datasets-mix/datasets.csv: -------------------------------------------------------------------------------- 1 | Y3VybC83LjQzLjA= 2 | YmxhaA==,1 3 | -------------------------------------------------------------------------------- /tests/datasets/datasets-datarep-mix/dns_string.rep: -------------------------------------------------------------------------------- 1 | Z29vZ2xlLmNvbQ==,1 2 | YmxhaA== 3 | -------------------------------------------------------------------------------- /tests/dcerpc-smb-test-01/README.md: -------------------------------------------------------------------------------- 1 | Pcap from: 2 | 20171220_smb_psexec_add_user.pcap 3 | -------------------------------------------------------------------------------- /tests/dcerpc/dcerpc-dce-iface-02/README.md: -------------------------------------------------------------------------------- 1 | Tests the dcerpc.iface keyword 2 | -------------------------------------------------------------------------------- /tests/dcerpc/dcerpc-dce-opnum/README.md: -------------------------------------------------------------------------------- 1 | Tests the dce_opnum keyword 2 | -------------------------------------------------------------------------------- /tests/decode-arp-1/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-arp-1/test.yaml -------------------------------------------------------------------------------- 
/tests/decode-arp-2/README.md: -------------------------------------------------------------------------------- 1 | PCAP from https://www.cloudshark.org/captures/e4d6ea732135/export 2 | -------------------------------------------------------------------------------- /tests/decode-arp-2/arp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-arp-2/arp.pcap -------------------------------------------------------------------------------- /tests/decode-arp-2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-arp-2/test.yaml -------------------------------------------------------------------------------- /tests/decode-arp-3/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-arp-3/README.md -------------------------------------------------------------------------------- /tests/decode-arp-3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-arp-3/test.yaml -------------------------------------------------------------------------------- /tests/decode-chdlc-01/README.md: -------------------------------------------------------------------------------- 1 | Ensure Cisco HDLC packets are decoded 2 | -------------------------------------------------------------------------------- /tests/decode-dce/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-dce/README.md -------------------------------------------------------------------------------- /tests/decode-dce/input.pcap: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-dce/input.pcap -------------------------------------------------------------------------------- /tests/decode-dce/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/decode-dce/test.yaml -------------------------------------------------------------------------------- /tests/decode-erspan-typeI-01/README.md: -------------------------------------------------------------------------------- 1 | Ensure ERSPAN Type I packets are decoded 2 | -------------------------------------------------------------------------------- /tests/decode-erspan-typeI-02/README.md: -------------------------------------------------------------------------------- 1 | Ensure ERSPAN Type I packets are decoded when configured 2 | -------------------------------------------------------------------------------- /tests/decode-sctp-01/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | https://redmine.openinfosecfoundation.org/issues/1370 5 | -------------------------------------------------------------------------------- /tests/decode-sll2-01/README.md: -------------------------------------------------------------------------------- 1 | Suricata 8+ Ensure SLL2 packets are decoded 2 | -------------------------------------------------------------------------------- /tests/decode-vntag-01/README.md: -------------------------------------------------------------------------------- 1 | Suricata 7+ Ensure VNTAG (802.1Qbh) packets are decoded 2 | -------------------------------------------------------------------------------- /tests/decode-vntag-02/README.md: -------------------------------------------------------------------------------- 1 | Suricata 6.0.3+ Ensure VNTAG (802.1Qbh) 
packets are decoded 2 | -------------------------------------------------------------------------------- /tests/detect-bidir/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-bidir/README.md -------------------------------------------------------------------------------- /tests/detect-bidir/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-bidir/test.yaml -------------------------------------------------------------------------------- /tests/detect-bypass/README.md: -------------------------------------------------------------------------------- 1 | Tests the bypass keyword 2 | -------------------------------------------------------------------------------- /tests/detect-bytetest-03/README.md: -------------------------------------------------------------------------------- 1 | Simple dns match on first byte 2 | -------------------------------------------------------------------------------- /tests/detect-dotprefix-01/README.md: -------------------------------------------------------------------------------- 1 | Extract the domain from a DNS request 2 | -------------------------------------------------------------------------------- /tests/detect-dotprefix-02/README.md: -------------------------------------------------------------------------------- 1 | Extract the domain from a DNS request 2 | -------------------------------------------------------------------------------- /tests/detect-dotprefix-03/README.md: -------------------------------------------------------------------------------- 1 | Extract the domain from a DNS request 2 | -------------------------------------------------------------------------------- /tests/detect-hostbits/detect-hostbits-01/README.md: 
-------------------------------------------------------------------------------- 1 | Test noalert flag for hostbits 2 | -------------------------------------------------------------------------------- /tests/detect-ipopts/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-ipopts/README -------------------------------------------------------------------------------- /tests/detect-ipopts/ipopt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-ipopts/ipopt.py -------------------------------------------------------------------------------- /tests/detect-itype/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-itype/README.md -------------------------------------------------------------------------------- /tests/detect-itype/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-itype/test.yaml -------------------------------------------------------------------------------- /tests/detect-ttl/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-ttl/README.md -------------------------------------------------------------------------------- /tests/detect-ttl/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-ttl/test.rules -------------------------------------------------------------------------------- /tests/detect-ttl/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-ttl/test.yaml -------------------------------------------------------------------------------- /tests/detect-xor/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-xor/README.md -------------------------------------------------------------------------------- /tests/detect-xor/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-xor/input.pcap -------------------------------------------------------------------------------- /tests/detect-xor/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-xor/test.rules -------------------------------------------------------------------------------- /tests/detect-xor/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-xor/test.yaml -------------------------------------------------------------------------------- /tests/detect-xor/xor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/detect-xor/xor.py -------------------------------------------------------------------------------- /tests/dnp3/dnp3-lua/rule.lua: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dnp3/dnp3-lua/rule.lua -------------------------------------------------------------------------------- /tests/dns-lua-rules-pre8/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | 4 | include: 
../../etc/suricata-4.0.3.yaml 5 | -------------------------------------------------------------------------------- /tests/dns-opcode/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns-opcode/README.md -------------------------------------------------------------------------------- /tests/dns-opcode/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns-opcode/test.rules -------------------------------------------------------------------------------- /tests/dns-opcode/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns-opcode/test.yaml -------------------------------------------------------------------------------- /tests/dns/bug-1158/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/bug-1158/test.yaml -------------------------------------------------------------------------------- /tests/dns/bug-856/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/bug-856/test.yaml -------------------------------------------------------------------------------- /tests/dns/bug-990/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/bug-990/input.pcap -------------------------------------------------------------------------------- /tests/dns/bug-990/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/bug-990/test.rules 
-------------------------------------------------------------------------------- /tests/dns/bug-990/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/bug-990/test.yaml -------------------------------------------------------------------------------- /tests/dns/dns-eve/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/dns-eve/input.pcap -------------------------------------------------------------------------------- /tests/dns/dns-eve/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/dns-eve/test.yaml -------------------------------------------------------------------------------- /tests/dns/dns-ptr/README.md: -------------------------------------------------------------------------------- 1 | Test DNS PTR response. 2 | -------------------------------------------------------------------------------- /tests/dns/dns-ptr/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/dns-ptr/test.rules -------------------------------------------------------------------------------- /tests/dns/dns-ptr/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/dns/dns-ptr/test.yaml -------------------------------------------------------------------------------- /tests/dns/dns-query-name/README.md: -------------------------------------------------------------------------------- 1 | Test the `dns.queries.rrname` sticky buffer. 
2 | -------------------------------------------------------------------------------- /tests/dns/dns-single-request/README.md: -------------------------------------------------------------------------------- 1 | Check a simple DNS request and response. 2 | -------------------------------------------------------------------------------- /tests/dns/dns-udp-eve-dig/README.md: -------------------------------------------------------------------------------- 1 | DNS EVE v2 test of a dig against www.suricata-ids.org. 2 | -------------------------------------------------------------------------------- /tests/dns/v2/dns-single-request/README.md: -------------------------------------------------------------------------------- 1 | Check a simple DNS request and response. 2 | -------------------------------------------------------------------------------- /tests/dns/v2/dns-udp-eve-dig/README.md: -------------------------------------------------------------------------------- 1 | DNS EVE v2 test of a dig against www.suricata-ids.org. 
2 | -------------------------------------------------------------------------------- /tests/enip-alert/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-alert/README.md -------------------------------------------------------------------------------- /tests/enip-alert/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-alert/test.rules -------------------------------------------------------------------------------- /tests/enip-alert/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-alert/test.yaml -------------------------------------------------------------------------------- /tests/enip-frames/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-frames/README.md -------------------------------------------------------------------------------- /tests/enip-frames/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-frames/test.rules -------------------------------------------------------------------------------- /tests/enip-frames/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/enip-frames/test.yaml -------------------------------------------------------------------------------- /tests/ethernet-eve/test.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ethernet-eve/test.pcap 
-------------------------------------------------------------------------------- /tests/ethernet-eve/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ethernet-eve/test.yaml -------------------------------------------------------------------------------- /tests/eve-flow-esp/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-flow-esp/test.yaml -------------------------------------------------------------------------------- /tests/eve-metadata/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-metadata/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-01/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-01/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-02/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-02/test.yaml 
-------------------------------------------------------------------------------- /tests/eve-tag-03/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-03/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-03/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-04/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-04/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-04/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-05/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-05/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-05/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-05/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-06/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-06/test.rules 
-------------------------------------------------------------------------------- /tests/eve-tag-06/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-06/test.yaml -------------------------------------------------------------------------------- /tests/eve-tag-07/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-07/test.rules -------------------------------------------------------------------------------- /tests/eve-tag-07/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/eve-tag-07/test.yaml -------------------------------------------------------------------------------- /tests/file-match-crossed/titi.txt: -------------------------------------------------------------------------------- 1 | Titi a vu un gros minet. 
2 | -------------------------------------------------------------------------------- /tests/file-match-crossed/toto.txt: -------------------------------------------------------------------------------- 1 | toto est dans un bateau 2 | -------------------------------------------------------------------------------- /tests/fileext-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/fileext-01/test.rules -------------------------------------------------------------------------------- /tests/fileext-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/fileext-01/test.yaml -------------------------------------------------------------------------------- /tests/fileext-02/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/fileext-02/test.rules -------------------------------------------------------------------------------- /tests/fileext-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/fileext-02/test.yaml -------------------------------------------------------------------------------- /tests/filemagic-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filemagic-01/test.yaml -------------------------------------------------------------------------------- /tests/filemd5/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filemd5/suricata.yaml -------------------------------------------------------------------------------- 
/tests/filemd5/target.md5: -------------------------------------------------------------------------------- 1 | e19c1283c925b3206685ff522acfe3e6 2 | -------------------------------------------------------------------------------- /tests/filemd5/target.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filemd5/target.pcap -------------------------------------------------------------------------------- /tests/filemd5/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filemd5/test.rules -------------------------------------------------------------------------------- /tests/filemd5/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filemd5/test.yaml -------------------------------------------------------------------------------- /tests/filename-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filename-01/test.rules -------------------------------------------------------------------------------- /tests/filename-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/filename-01/test.yaml -------------------------------------------------------------------------------- /tests/flow-tx-cnt/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/flow-tx-cnt/README.md -------------------------------------------------------------------------------- /tests/flow-tx-cnt/test.rules: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/flow-tx-cnt/test.rules -------------------------------------------------------------------------------- /tests/flow-tx-cnt/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/flow-tx-cnt/test.yaml -------------------------------------------------------------------------------- /tests/from_base64-01/README.md: -------------------------------------------------------------------------------- 1 | from_base64 transform tests 2 | -------------------------------------------------------------------------------- /tests/from_base64-02/README.md: -------------------------------------------------------------------------------- 1 | Match on base64 operations using rfc2045 URI 2 | -------------------------------------------------------------------------------- /tests/from_base64-04/README.md: -------------------------------------------------------------------------------- 1 | from_base64 transform tests with default arguments 2 | -------------------------------------------------------------------------------- /tests/ftp-epsv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ftp-epsv/README.md -------------------------------------------------------------------------------- /tests/ftp-epsv/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ftp-epsv/input.pcap -------------------------------------------------------------------------------- /tests/ftp-epsv/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ftp-epsv/test.yaml -------------------------------------------------------------------------------- /tests/geoip/geoip.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/geoip/geoip.pl -------------------------------------------------------------------------------- /tests/geoip/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/geoip/suricata.yaml -------------------------------------------------------------------------------- /tests/geoip/test.mmdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/geoip/test.mmdb -------------------------------------------------------------------------------- /tests/geoip/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/geoip/test.rules -------------------------------------------------------------------------------- /tests/geoip/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/geoip/test.yaml -------------------------------------------------------------------------------- /tests/http-async/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-async/README.md -------------------------------------------------------------------------------- /tests/http-async/async.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-async/async.txt 
-------------------------------------------------------------------------------- /tests/http-async/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-async/input.pcap -------------------------------------------------------------------------------- /tests/http-async/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-async/test.rules -------------------------------------------------------------------------------- /tests/http-async/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-async/test.yaml -------------------------------------------------------------------------------- /tests/http-chunked/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-chunked/README.md -------------------------------------------------------------------------------- /tests/http-chunked/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-chunked/test.yaml -------------------------------------------------------------------------------- /tests/http-ipv6/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-ipv6/README.md -------------------------------------------------------------------------------- /tests/http-ipv6/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-ipv6/input.pcap 
-------------------------------------------------------------------------------- /tests/http-ipv6/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-ipv6/test.rules -------------------------------------------------------------------------------- /tests/http-ipv6/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-ipv6/test.yaml -------------------------------------------------------------------------------- /tests/http-not09/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-not09/README.md -------------------------------------------------------------------------------- /tests/http-not09/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-not09/input.pcap -------------------------------------------------------------------------------- /tests/http-not09/min8.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-not09/min8.rules -------------------------------------------------------------------------------- /tests/http-not09/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-not09/test.yaml -------------------------------------------------------------------------------- /tests/http-pipeline-files-with-gap/README.md: -------------------------------------------------------------------------------- 1 | Pcap from malware traffic analysis 2 | 
-------------------------------------------------------------------------------- /tests/http-post-file/mm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-post-file/mm.go -------------------------------------------------------------------------------- /tests/http-range/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-range/README.md -------------------------------------------------------------------------------- /tests/http-range/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http-range/test.yaml -------------------------------------------------------------------------------- /tests/http-request-line/README.md: -------------------------------------------------------------------------------- 1 | Test the http_request_line keyword 2 | -------------------------------------------------------------------------------- /tests/http2-basic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-basic/README.md -------------------------------------------------------------------------------- /tests/http2-basic/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-basic/test.rules -------------------------------------------------------------------------------- /tests/http2-basic/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-basic/test.yaml -------------------------------------------------------------------------------- 
/tests/http2-compression-bug/README.md: -------------------------------------------------------------------------------- 1 | Chrome 107.0.5304.87 HTTP2 decrypted via Mira ETO 2 | -------------------------------------------------------------------------------- /tests/http2-files-6/test.md5: -------------------------------------------------------------------------------- 1 | 15560fc6a1e4845498d8d952691afb11 2 | -------------------------------------------------------------------------------- /tests/http2-files/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-files/README.md -------------------------------------------------------------------------------- /tests/http2-files/test.md5: -------------------------------------------------------------------------------- 1 | 15560fc6a1e4845498d8d952691afb11 2 | -------------------------------------------------------------------------------- /tests/http2-files/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-files/test.rules -------------------------------------------------------------------------------- /tests/http2-files/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-files/test.yaml -------------------------------------------------------------------------------- /tests/http2-frames/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-frames/README.md -------------------------------------------------------------------------------- /tests/http2-frames/test.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-frames/test.yaml -------------------------------------------------------------------------------- /tests/http2-header/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-header/README.md -------------------------------------------------------------------------------- /tests/http2-header/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-header/test.yaml -------------------------------------------------------------------------------- /tests/http2-range/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-range/README.md -------------------------------------------------------------------------------- /tests/http2-range/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-range/server.go -------------------------------------------------------------------------------- /tests/http2-range/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/http2-range/test.yaml -------------------------------------------------------------------------------- /tests/icmp-hdr-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/icmp-hdr-01/test.yaml -------------------------------------------------------------------------------- /tests/icmp-hdr-02/input.pcap: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/icmp-hdr-02/input.pcap -------------------------------------------------------------------------------- /tests/icmp-hdr-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/icmp-hdr-02/test.yaml -------------------------------------------------------------------------------- /tests/ikev1-rules/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ikev1-rules/test.rules -------------------------------------------------------------------------------- /tests/ikev1-rules/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ikev1-rules/test.yaml -------------------------------------------------------------------------------- /tests/ikev1/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ikev1/suricata.yaml -------------------------------------------------------------------------------- /tests/ikev1/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ikev1/test.yaml -------------------------------------------------------------------------------- /tests/ipopts-esec/test.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ipopts-esec/test.pcap -------------------------------------------------------------------------------- /tests/ipopts-esec/test.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ipopts-esec/test.rules -------------------------------------------------------------------------------- /tests/ipopts-esec/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ipopts-esec/test.yaml -------------------------------------------------------------------------------- /tests/iprep-02/iprep.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/iprep-02/iprep.rules -------------------------------------------------------------------------------- /tests/iprep-02/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/iprep-02/suricata.yaml -------------------------------------------------------------------------------- /tests/iprep-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/iprep-02/test.yaml -------------------------------------------------------------------------------- /tests/iprep-03-bug-6834/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-03-bug-6834/iprep.list: -------------------------------------------------------------------------------- 1 | 192.168.0.13,1,0 2 | -------------------------------------------------------------------------------- /tests/iprep-04-bug-6834-any/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- 
/tests/iprep-04-bug-6834-any/iprep.list: -------------------------------------------------------------------------------- 1 | 192.168.0.13,1,0 2 | -------------------------------------------------------------------------------- /tests/iprep-05-bug-6834-both/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-06-bug-6834-dst/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-07-bug-6834-src-cidr/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-07-bug-6834-src-cidr/iprep.list: -------------------------------------------------------------------------------- 1 | 192.168.0.13/24,1,0 2 | -------------------------------------------------------------------------------- /tests/iprep-08-bug-6834-any-cidr/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-08-bug-6834-any-cidr/iprep.list: -------------------------------------------------------------------------------- 1 | 192.168.0.13/24,1,0 2 | -------------------------------------------------------------------------------- /tests/iprep-09-bug-6834-both-cidr/categories.txt: -------------------------------------------------------------------------------- 1 | 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/iprep-10-bug-6834-dst-cidr/categories.txt: -------------------------------------------------------------------------------- 1 
| 1,test,Testing 2 | -------------------------------------------------------------------------------- /tests/ips-state-1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ips-state-1/README.md -------------------------------------------------------------------------------- /tests/ips-state-1/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ips-state-1/input.pcap -------------------------------------------------------------------------------- /tests/ips-state-1/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ips-state-1/test.rules -------------------------------------------------------------------------------- /tests/ips-state-1/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ips-state-1/test.yaml -------------------------------------------------------------------------------- /tests/issue-3277-nfsv2-filestore/README.md: -------------------------------------------------------------------------------- 1 | Pcap from https://redmine.openinfosecfoundation.org/issues/3277 2 | -------------------------------------------------------------------------------- /tests/issue-3703/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/issue-3703/input.pcap -------------------------------------------------------------------------------- /tests/issue-3703/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/issue-3703/test.yaml 
-------------------------------------------------------------------------------- /tests/issue-4407/input.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/issue-4407/input.rules -------------------------------------------------------------------------------- /tests/issue-4407/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/issue-4407/test.yaml -------------------------------------------------------------------------------- /tests/issues/issue-4759.1/README.md: -------------------------------------------------------------------------------- 1 | Test for issue 4759. Also related to 5799. 2 | -------------------------------------------------------------------------------- /tests/issues/issue-4759/README.md: -------------------------------------------------------------------------------- 1 | Test for issue 4759. Also related to 5799. 
2 | -------------------------------------------------------------------------------- /tests/ja4-quic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-quic/README.md -------------------------------------------------------------------------------- /tests/ja4-quic/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-quic/input.pcap -------------------------------------------------------------------------------- /tests/ja4-quic/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-quic/test.yaml -------------------------------------------------------------------------------- /tests/ja4-rules-bug-7010/README.md: -------------------------------------------------------------------------------- 1 | Confirm that Suricata logs JA4 being enabled due to a rule. 
2 | -------------------------------------------------------------------------------- /tests/ja4-rules/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-rules/input.pcap -------------------------------------------------------------------------------- /tests/ja4-rules/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-rules/test.rules -------------------------------------------------------------------------------- /tests/ja4-rules/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-rules/test.yaml -------------------------------------------------------------------------------- /tests/ja4-tls-quic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-tls-quic/README.md -------------------------------------------------------------------------------- /tests/ja4-tls-quic/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-tls-quic/test.yaml -------------------------------------------------------------------------------- /tests/ja4-tls/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-tls/README.md -------------------------------------------------------------------------------- /tests/ja4-tls/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-tls/input.pcap 
-------------------------------------------------------------------------------- /tests/ja4-tls/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ja4-tls/test.yaml -------------------------------------------------------------------------------- /tests/krb5-probing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/krb5-probing/README.md -------------------------------------------------------------------------------- /tests/krb5-probing/krb.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/krb5-probing/krb.pcap -------------------------------------------------------------------------------- /tests/krb5-probing/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/krb5-probing/test.yaml -------------------------------------------------------------------------------- /tests/krb5-request-frag-log/README.md: -------------------------------------------------------------------------------- 1 | Test krb5 EVE decoding/output for fragmented/partial transactions 2 | -------------------------------------------------------------------------------- /tests/ldap-abandon/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-abandon/Makefile -------------------------------------------------------------------------------- /tests/ldap-abandon/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-abandon/README.md 
-------------------------------------------------------------------------------- /tests/ldap-abandon/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-abandon/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-abandon/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-abandon/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-abandon/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-abandon/test.yaml -------------------------------------------------------------------------------- /tests/ldap-add/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-add/Makefile -------------------------------------------------------------------------------- /tests/ldap-add/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-add/README.md -------------------------------------------------------------------------------- /tests/ldap-add/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-add/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-add/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-add/ldap.syn 
-------------------------------------------------------------------------------- /tests/ldap-add/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-add/test.yaml -------------------------------------------------------------------------------- /tests/ldap-bind/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-bind/Makefile -------------------------------------------------------------------------------- /tests/ldap-bind/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-bind/README.md -------------------------------------------------------------------------------- /tests/ldap-bind/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-bind/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-bind/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-bind/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-bind/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-bind/test.yaml -------------------------------------------------------------------------------- /tests/ldap-compare/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-compare/Makefile 
-------------------------------------------------------------------------------- /tests/ldap-compare/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-compare/README.md -------------------------------------------------------------------------------- /tests/ldap-compare/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-compare/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-compare/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-compare/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-compare/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-compare/test.yaml -------------------------------------------------------------------------------- /tests/ldap-delete/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-delete/Makefile -------------------------------------------------------------------------------- /tests/ldap-delete/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-delete/README.md -------------------------------------------------------------------------------- /tests/ldap-delete/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-delete/ldap.pcap 
-------------------------------------------------------------------------------- /tests/ldap-delete/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-delete/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-delete/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-delete/test.yaml -------------------------------------------------------------------------------- /tests/ldap-extended/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-extended/Makefile -------------------------------------------------------------------------------- /tests/ldap-extended/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-extended/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-frames/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-frames/README.md -------------------------------------------------------------------------------- /tests/ldap-frames/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-frames/test.yaml -------------------------------------------------------------------------------- /tests/ldap-modify/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-modify/Makefile 
-------------------------------------------------------------------------------- /tests/ldap-modify/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-modify/README.md -------------------------------------------------------------------------------- /tests/ldap-modify/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-modify/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-modify/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-modify/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-modify/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-modify/test.yaml -------------------------------------------------------------------------------- /tests/ldap-search/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-search/Makefile -------------------------------------------------------------------------------- /tests/ldap-search/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-search/README.md -------------------------------------------------------------------------------- /tests/ldap-search/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-search/ldap.pcap 
-------------------------------------------------------------------------------- /tests/ldap-search/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-search/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-search/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-search/test.yaml -------------------------------------------------------------------------------- /tests/ldap-udp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-udp/README.md -------------------------------------------------------------------------------- /tests/ldap-udp/cldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-udp/cldap.pcap -------------------------------------------------------------------------------- /tests/ldap-udp/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-udp/test.yaml -------------------------------------------------------------------------------- /tests/ldap-unbind/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-unbind/Makefile -------------------------------------------------------------------------------- /tests/ldap-unbind/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-unbind/README.md 
-------------------------------------------------------------------------------- /tests/ldap-unbind/ldap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-unbind/ldap.pcap -------------------------------------------------------------------------------- /tests/ldap-unbind/ldap.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-unbind/ldap.syn -------------------------------------------------------------------------------- /tests/ldap-unbind/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ldap-unbind/test.yaml -------------------------------------------------------------------------------- /tests/linktype-228/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/linktype-228/test.yaml -------------------------------------------------------------------------------- /tests/lua-detect-http-01/README.md: -------------------------------------------------------------------------------- 1 | Test Lua detection of HTTP methods via library. 
2 | -------------------------------------------------------------------------------- /tests/lua-detect-http-01/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | 4 | include: ../../etc/suricata-4.0.3.yaml 5 | -------------------------------------------------------------------------------- /tests/lua-flowfunctions/README.md: -------------------------------------------------------------------------------- 1 | Test Lua flow lib functions 2 | -------------------------------------------------------------------------------- /tests/lua-flowtuple/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCFlowTuple output. 2 | -------------------------------------------------------------------------------- /tests/lua-match-scrule/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCRule functions for match scripts. 2 | -------------------------------------------------------------------------------- /tests/lua-match-scrule/suricata.yaml: -------------------------------------------------------------------------------- 1 | %YAML 1.1 2 | --- 3 | 4 | include: ../../etc/suricata-4.0.3.yaml -------------------------------------------------------------------------------- /tests/lua-memleak/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/lua-memleak/README.md -------------------------------------------------------------------------------- /tests/lua-memleak/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/lua-memleak/input.pcap -------------------------------------------------------------------------------- /tests/lua-memleak/test.lua: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/lua-memleak/test.lua -------------------------------------------------------------------------------- /tests/lua-memleak/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/lua-memleak/test.rules -------------------------------------------------------------------------------- /tests/lua-memleak/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/lua-memleak/test.yaml -------------------------------------------------------------------------------- /tests/lua-output-http-02/README.md: -------------------------------------------------------------------------------- 1 | Test Lua output of HTTP metadata. 2 | -------------------------------------------------------------------------------- /tests/lua-output-http-03/README.md: -------------------------------------------------------------------------------- 1 | Test Lua output of HTTP metadata. 2 | -------------------------------------------------------------------------------- /tests/lua-output-http-pre8/README.md: -------------------------------------------------------------------------------- 1 | Test Lua output of HTTP metadata. 2 | -------------------------------------------------------------------------------- /tests/lua-output-http/README.md: -------------------------------------------------------------------------------- 1 | Test Lua output of HTTP metadata. 2 | -------------------------------------------------------------------------------- /tests/lua-scfileinfo/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCFileInfo output. 
2 | -------------------------------------------------------------------------------- /tests/lua-scflowstats-pre8/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCFlowStats output. 2 | -------------------------------------------------------------------------------- /tests/lua-scflowtuple-pre8/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCFlowTuple output. 2 | -------------------------------------------------------------------------------- /tests/lua-scpackettuple-pre8/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCPacketTuple output. 2 | -------------------------------------------------------------------------------- /tests/lua-scpackettuple/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCPacketTuple output. 2 | -------------------------------------------------------------------------------- /tests/lua-scrule-ids-pre8/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCRuleIds output. 2 | -------------------------------------------------------------------------------- /tests/lua-scrule-ids/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCRuleIds output. 2 | -------------------------------------------------------------------------------- /tests/lua/lua-fastlog/README.md: -------------------------------------------------------------------------------- 1 | Test using Lua to replicate fast.log. 2 | -------------------------------------------------------------------------------- /tests/lua/lua-flowintlib/README.md: -------------------------------------------------------------------------------- 1 | Test for Lua suricata.flowintlib. 
2 | -------------------------------------------------------------------------------- /tests/lua/lua-instruction-limit/README.md: -------------------------------------------------------------------------------- 1 | Test for Lua rules that exceed the instruction limit. 2 | -------------------------------------------------------------------------------- /tests/lua/lua-memory-limit/README.md: -------------------------------------------------------------------------------- 1 | Test for Lua rules that exceed the memory limit. 2 | -------------------------------------------------------------------------------- /tests/lua/lua-tlslib-01/README.md: -------------------------------------------------------------------------------- 1 | Test Lua lib functions 2 | -------------------------------------------------------------------------------- /tests/lua/lua-transform-02/README.md: -------------------------------------------------------------------------------- 1 | Lua transform: Ensure non-existent lua scripts are detected. 2 | -------------------------------------------------------------------------------- /tests/lua/lua-transform-05/transform.lua: -------------------------------------------------------------------------------- 1 | function transform(input, args) 2 | return nil, 0 3 | end 4 | -------------------------------------------------------------------------------- /tests/lua/lua-transform-09/README.md: -------------------------------------------------------------------------------- 1 | Ensure Lua transform works with the ip.src/ip.dst sticky buffers. 
2 | -------------------------------------------------------------------------------- /tests/mdns/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mdns/test.rules -------------------------------------------------------------------------------- /tests/mdns/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mdns/test.yaml -------------------------------------------------------------------------------- /tests/modbus/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/modbus/README.md -------------------------------------------------------------------------------- /tests/modbus/modbus.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/modbus/modbus.pcap -------------------------------------------------------------------------------- /tests/modbus/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/modbus/suricata.yaml -------------------------------------------------------------------------------- /tests/modbus/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/modbus/test.rules -------------------------------------------------------------------------------- /tests/modbus/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/modbus/test.yaml -------------------------------------------------------------------------------- 
/tests/mqtt-frames/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-frames/README.md -------------------------------------------------------------------------------- /tests/mqtt-frames/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-frames/test.rules -------------------------------------------------------------------------------- /tests/mqtt-frames/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-frames/test.yaml -------------------------------------------------------------------------------- /tests/mqtt-limit-1/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-limit-1/test.yaml -------------------------------------------------------------------------------- /tests/mqtt-limit-2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-limit-2/test.yaml -------------------------------------------------------------------------------- /tests/mqtt-limit-3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-limit-3/test.yaml -------------------------------------------------------------------------------- /tests/mqtt-ping/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-ping/input.pcap -------------------------------------------------------------------------------- /tests/mqtt-ping/test.rules: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-ping/test.rules -------------------------------------------------------------------------------- /tests/mqtt-ping/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/mqtt-ping/test.yaml -------------------------------------------------------------------------------- /tests/multi-tenant-01/a.rule: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/a.rule -------------------------------------------------------------------------------- /tests/multi-tenant-01/a.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/a.yaml -------------------------------------------------------------------------------- /tests/multi-tenant-01/b.rule: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/b.rule -------------------------------------------------------------------------------- /tests/multi-tenant-01/b.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/b.yaml -------------------------------------------------------------------------------- /tests/multi-tenant-01/base.rules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/multi-tenant-01/c.rule: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/c.rule -------------------------------------------------------------------------------- /tests/multi-tenant-01/c.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/c.yaml -------------------------------------------------------------------------------- /tests/multi-tenant-01/d.rule: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/d.rule -------------------------------------------------------------------------------- /tests/multi-tenant-01/d.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/multi-tenant-01/d.yaml -------------------------------------------------------------------------------- /tests/multi-tenant-02-test/base.rules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/multi-tenant-03-pcap/base.rules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/netflow-eve/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/netflow-eve/test.yaml -------------------------------------------------------------------------------- /tests/nfs-bug-5140/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs-bug-5140/README.md -------------------------------------------------------------------------------- 
/tests/nfs-bug-5140/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs-bug-5140/test.yaml -------------------------------------------------------------------------------- /tests/nfs-udp-only/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs-udp-only/README.md -------------------------------------------------------------------------------- /tests/nfs-udp-only/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs-udp-only/test.yaml -------------------------------------------------------------------------------- /tests/nfs3-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs3-01/README.md -------------------------------------------------------------------------------- /tests/nfs3-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs3-01/input.pcap -------------------------------------------------------------------------------- /tests/nfs3-01/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs3-01/suricata.yaml -------------------------------------------------------------------------------- /tests/nfs3-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs3-01/test.rules -------------------------------------------------------------------------------- /tests/nfs3-01/test.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs3-01/test.yaml -------------------------------------------------------------------------------- /tests/nfs4-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs4-01/README.md -------------------------------------------------------------------------------- /tests/nfs4-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs4-01/input.pcap -------------------------------------------------------------------------------- /tests/nfs4-01/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs4-01/test.rules -------------------------------------------------------------------------------- /tests/nfs4-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/nfs4-01/test.yaml -------------------------------------------------------------------------------- /tests/pcap-log-lz4-01/README.md: -------------------------------------------------------------------------------- 1 | Test that Suricata will write 2 lz4-compressed pcap files. 2 | -------------------------------------------------------------------------------- /tests/pcap-log-uncompressed-01/README.md: -------------------------------------------------------------------------------- 1 | Test that Suricata will write 3 uncompressed pcap files.
2 | -------------------------------------------------------------------------------- /tests/pcap-log-uncompressed-03-multi-bpf/README.md: -------------------------------------------------------------------------------- 1 | Test that Suricata will apply bpf in multi-mode. 2 | -------------------------------------------------------------------------------- /tests/pcre-invalid-rule-01/README.md: -------------------------------------------------------------------------------- 1 | Ensure that PCRE buffer requirements are met 2 | -------------------------------------------------------------------------------- /tests/pop3-auth-01/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3-auth-01/Makefile -------------------------------------------------------------------------------- /tests/pop3-auth-01/pop3.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3-auth-01/pop3.syn -------------------------------------------------------------------------------- /tests/pop3-auth-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3-auth-01/test.yaml -------------------------------------------------------------------------------- /tests/pop3/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3/README.md -------------------------------------------------------------------------------- /tests/pop3/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3/input.pcap -------------------------------------------------------------------------------- 
/tests/pop3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pop3/test.yaml -------------------------------------------------------------------------------- /tests/pppoe/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pppoe/input.pcap -------------------------------------------------------------------------------- /tests/pppoe/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pppoe/test.rules -------------------------------------------------------------------------------- /tests/pppoe/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/pppoe/test.yaml -------------------------------------------------------------------------------- /tests/pre8/lua-match-scrule/README.md: -------------------------------------------------------------------------------- 1 | Tests Lua's SCRule functions for match scripts. 
2 | -------------------------------------------------------------------------------- /tests/quic-ack3/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ack3/README.md -------------------------------------------------------------------------------- /tests/quic-ack3/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ack3/input.pcap -------------------------------------------------------------------------------- /tests/quic-ack3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ack3/test.yaml -------------------------------------------------------------------------------- /tests/quic-alerts/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-alerts/input.pcap -------------------------------------------------------------------------------- /tests/quic-alerts/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-alerts/test.rules -------------------------------------------------------------------------------- /tests/quic-alerts/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-alerts/test.yaml -------------------------------------------------------------------------------- /tests/quic-cyu/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-cyu/input.pcap 
-------------------------------------------------------------------------------- /tests/quic-cyu/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-cyu/test.yaml -------------------------------------------------------------------------------- /tests/quic-frag/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-frag/README.md -------------------------------------------------------------------------------- /tests/quic-frag/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-frag/input.pcap -------------------------------------------------------------------------------- /tests/quic-frag/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-frag/test.yaml -------------------------------------------------------------------------------- /tests/quic-ietf/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ietf/README.md -------------------------------------------------------------------------------- /tests/quic-ietf/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ietf/input.pcap -------------------------------------------------------------------------------- /tests/quic-ietf/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ietf/test.rules 
-------------------------------------------------------------------------------- /tests/quic-ietf/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-ietf/test.yaml -------------------------------------------------------------------------------- /tests/quic-retry/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-retry/README.md -------------------------------------------------------------------------------- /tests/quic-retry/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-retry/input.pcap -------------------------------------------------------------------------------- /tests/quic-retry/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-retry/test.yaml -------------------------------------------------------------------------------- /tests/quic-v2-ja3/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2-ja3/README.md -------------------------------------------------------------------------------- /tests/quic-v2-ja3/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2-ja3/input.pcap -------------------------------------------------------------------------------- /tests/quic-v2-ja3/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2-ja3/test.rules 
-------------------------------------------------------------------------------- /tests/quic-v2-ja3/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2-ja3/test.yaml -------------------------------------------------------------------------------- /tests/quic-v2/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2/README.md -------------------------------------------------------------------------------- /tests/quic-v2/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2/input.pcap -------------------------------------------------------------------------------- /tests/quic-v2/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2/test.rules -------------------------------------------------------------------------------- /tests/quic-v2/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/quic-v2/test.yaml -------------------------------------------------------------------------------- /tests/rdp-protocol/README.md: -------------------------------------------------------------------------------- 1 | Match on RDP event and check different protocol specific details. 
2 | -------------------------------------------------------------------------------- /tests/rdp-protocol/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rdp-protocol/test.yaml -------------------------------------------------------------------------------- /tests/reference-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/reference-01/test.yaml -------------------------------------------------------------------------------- /tests/reference-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/reference-02/test.yaml -------------------------------------------------------------------------------- /tests/reference-03/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/reference-03/test.yaml -------------------------------------------------------------------------------- /tests/reference-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/reference-04/test.yaml -------------------------------------------------------------------------------- /tests/reference-config-validate-01/reference.config: -------------------------------------------------------------------------------- 1 | this is not correct 2 | -------------------------------------------------------------------------------- /tests/reference-config-validate-02/reference.config: -------------------------------------------------------------------------------- 1 | this is not correct 2 | -------------------------------------------------------------------------------- 
/tests/reputation-config/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/reputation-config/threshold.config: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/requires-ok/README.md: -------------------------------------------------------------------------------- 1 | Test for the "requires" keyword. 2 | -------------------------------------------------------------------------------- /tests/requires-ok/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/requires-ok/test.rules -------------------------------------------------------------------------------- /tests/requires-ok/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/requires-ok/test.yaml -------------------------------------------------------------------------------- /tests/rfb-frames/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-frames/README.md -------------------------------------------------------------------------------- /tests/rfb-frames/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-frames/test.rules -------------------------------------------------------------------------------- /tests/rfb-frames/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-frames/test.yaml 
-------------------------------------------------------------------------------- /tests/rfb-parser/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-parser/README.md -------------------------------------------------------------------------------- /tests/rfb-parser/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-parser/input.pcap -------------------------------------------------------------------------------- /tests/rfb-parser/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-parser/test.yaml -------------------------------------------------------------------------------- /tests/rfb-partial-tx/in.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-partial-tx/in.pcap -------------------------------------------------------------------------------- /tests/rfb-rules-8/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-rules-8/test.rules -------------------------------------------------------------------------------- /tests/rfb-rules-8/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-rules-8/test.yaml -------------------------------------------------------------------------------- /tests/rfb-rules/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-rules/test.rules 
-------------------------------------------------------------------------------- /tests/rfb-rules/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rfb-rules/test.yaml -------------------------------------------------------------------------------- /tests/rule-types/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rule-types/test.yaml -------------------------------------------------------------------------------- /tests/rules/absent/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/absent/README.md -------------------------------------------------------------------------------- /tests/rules/absent/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/absent/test.yaml -------------------------------------------------------------------------------- /tests/rules/dsize/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/dsize/README.md -------------------------------------------------------------------------------- /tests/rules/dsize/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/dsize/test.rules -------------------------------------------------------------------------------- /tests/rules/dsize/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/dsize/test.yaml 
-------------------------------------------------------------------------------- /tests/rules/ipopts/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/ipopts/test.yaml -------------------------------------------------------------------------------- /tests/rules/xbits/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/xbits/README.md -------------------------------------------------------------------------------- /tests/rules/xbits/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/xbits/test.rules -------------------------------------------------------------------------------- /tests/rules/xbits/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/rules/xbits/test.yaml -------------------------------------------------------------------------------- /tests/show-help/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/show-help/README.md -------------------------------------------------------------------------------- /tests/show-help/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/show-help/test.yaml -------------------------------------------------------------------------------- /tests/sip-body-frames/README.md: -------------------------------------------------------------------------------- 1 | pcap from https://www.cloudshark.org/captures/4ff29b39b8dc 2 | 
-------------------------------------------------------------------------------- /tests/sip-content-length/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP Content-Length header field. 2 | -------------------------------------------------------------------------------- /tests/sip-content-type/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP Content-Type header field. 2 | -------------------------------------------------------------------------------- /tests/sip-from/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP From header field. 2 | -------------------------------------------------------------------------------- /tests/sip-from/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-from/test.rules -------------------------------------------------------------------------------- /tests/sip-from/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-from/test.yaml -------------------------------------------------------------------------------- /tests/sip-method/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP method field. 
2 | -------------------------------------------------------------------------------- /tests/sip-method/sip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-method/sip.pcap -------------------------------------------------------------------------------- /tests/sip-method/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-method/test.rules -------------------------------------------------------------------------------- /tests/sip-method/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-method/test.yaml -------------------------------------------------------------------------------- /tests/sip-protocol/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP version field. 2 | -------------------------------------------------------------------------------- /tests/sip-protocol/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-protocol/test.yaml -------------------------------------------------------------------------------- /tests/sip-request-line/README.md: -------------------------------------------------------------------------------- 1 | Match on the whole SIP request line. 2 | -------------------------------------------------------------------------------- /tests/sip-response-line/README.md: -------------------------------------------------------------------------------- 1 | Match on the whole SIP response line. 
2 | -------------------------------------------------------------------------------- /tests/sip-sdp/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/Makefile -------------------------------------------------------------------------------- /tests/sip-sdp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/README.md -------------------------------------------------------------------------------- /tests/sip-sdp/sdp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/sdp.pcap -------------------------------------------------------------------------------- /tests/sip-sdp/sdp.syn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/sdp.syn -------------------------------------------------------------------------------- /tests/sip-sdp/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/test.rules -------------------------------------------------------------------------------- /tests/sip-sdp/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-sdp/test.yaml -------------------------------------------------------------------------------- /tests/sip-stat-code/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP stat code field. 
2 | -------------------------------------------------------------------------------- /tests/sip-stat-msg/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP stat msg field. 2 | -------------------------------------------------------------------------------- /tests/sip-stat-msg/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-stat-msg/test.yaml -------------------------------------------------------------------------------- /tests/sip-tcp-body-frames/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP frames. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-method/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP over TCP method field. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-protocol/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP version field. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-request-line/README.md: -------------------------------------------------------------------------------- 1 | Match on the whole SIP request line. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-response-line/README.md: -------------------------------------------------------------------------------- 1 | Match on the whole SIP response line. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-stat-code/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP stat code field. 
2 | -------------------------------------------------------------------------------- /tests/sip-tcp-stat-msg/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP stat msg field. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-uri/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP URI field. 2 | -------------------------------------------------------------------------------- /tests/sip-tcp-uri/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-tcp-uri/test.rules -------------------------------------------------------------------------------- /tests/sip-tcp-uri/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-tcp-uri/test.yaml -------------------------------------------------------------------------------- /tests/sip-to/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP To header field. 
2 | -------------------------------------------------------------------------------- /tests/sip-to/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-to/test.rules -------------------------------------------------------------------------------- /tests/sip-to/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-to/test.yaml -------------------------------------------------------------------------------- /tests/sip-uri/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP URI field. 2 | -------------------------------------------------------------------------------- /tests/sip-uri/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-uri/test.rules -------------------------------------------------------------------------------- /tests/sip-uri/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-uri/test.yaml -------------------------------------------------------------------------------- /tests/sip-user-agent/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP User-Agent header field. 2 | -------------------------------------------------------------------------------- /tests/sip-via/README.md: -------------------------------------------------------------------------------- 1 | Match on SIP Via header field. 
2 | -------------------------------------------------------------------------------- /tests/sip-via/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-via/test.rules -------------------------------------------------------------------------------- /tests/sip-via/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/sip-via/test.yaml -------------------------------------------------------------------------------- /tests/smb-filename/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb-filename/README.md -------------------------------------------------------------------------------- /tests/smb-filename/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb-filename/test.yaml -------------------------------------------------------------------------------- /tests/smb1-01/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap found in Zeek/Bro git repo. 
5 | -------------------------------------------------------------------------------- /tests/smb1-01/smb1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb1-01/smb1.pcap -------------------------------------------------------------------------------- /tests/smb1-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb1-01/test.yaml -------------------------------------------------------------------------------- /tests/smb1-02/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap by Victor Julien. 5 | -------------------------------------------------------------------------------- /tests/smb1-02/smb1_osx.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb1-02/smb1_osx.pcap -------------------------------------------------------------------------------- /tests/smb1-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb1-02/test.yaml -------------------------------------------------------------------------------- /tests/smb1-03-midstream/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap by Victor Julien. 
5 | -------------------------------------------------------------------------------- /tests/smb2-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-01/README.md -------------------------------------------------------------------------------- /tests/smb2-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-01/test.yaml -------------------------------------------------------------------------------- /tests/smb2-02/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap found in Zeek/Bro git repo. 5 | -------------------------------------------------------------------------------- /tests/smb2-02/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-02/test.yaml -------------------------------------------------------------------------------- /tests/smb2-03-rule/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap found in Zeek/Bro git repo. 
5 | -------------------------------------------------------------------------------- /tests/smb2-03-rule/smb2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-03-rule/smb2.pcap -------------------------------------------------------------------------------- /tests/smb2-03-rule/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-03-rule/test.yaml -------------------------------------------------------------------------------- /tests/smb2-04/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from the ProtectWise blog. 5 | -------------------------------------------------------------------------------- /tests/smb2-04/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-04/test.yaml -------------------------------------------------------------------------------- /tests/smb2-04/test.yaml.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-04/test.yaml.old -------------------------------------------------------------------------------- /tests/smb2-05/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from the ProtectWise blog. 
5 | -------------------------------------------------------------------------------- /tests/smb2-05/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-05/test.yaml -------------------------------------------------------------------------------- /tests/smb2-06/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from the ProtectWise blog. 5 | -------------------------------------------------------------------------------- /tests/smb2-06/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-06/test.yaml -------------------------------------------------------------------------------- /tests/smb2-07-frames/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from the ProtectWise blog. 5 | -------------------------------------------------------------------------------- /tests/smb2-07/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap from the ProtectWise blog. 5 | -------------------------------------------------------------------------------- /tests/smb2-07/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-07/test.yaml -------------------------------------------------------------------------------- /tests/smb2-08-rule/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap found in Zeek/Bro git repo. 
5 | -------------------------------------------------------------------------------- /tests/smb2-08-rule/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-08-rule/test.yaml -------------------------------------------------------------------------------- /tests/smb2-async/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-async/README.md -------------------------------------------------------------------------------- /tests/smb2-async/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-async/input.pcap -------------------------------------------------------------------------------- /tests/smb2-async/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-async/test.yaml -------------------------------------------------------------------------------- /tests/smb2-delete/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-delete/README.md -------------------------------------------------------------------------------- /tests/smb2-delete/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-delete/input.pcap -------------------------------------------------------------------------------- /tests/smb2-delete/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb2-delete/test.yaml 
-------------------------------------------------------------------------------- /tests/smb3-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb3-01/README.md -------------------------------------------------------------------------------- /tests/smb3-01/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb3-01/input.pcap -------------------------------------------------------------------------------- /tests/smb3-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smb3-01/test.yaml -------------------------------------------------------------------------------- /tests/smtp-attachment-md5/target.md5: -------------------------------------------------------------------------------- 1 | 44d88612fea8a8f36de82e1278abb02f 2 | -------------------------------------------------------------------------------- /tests/smtp-bug-6053/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-bug-6053/Makefile -------------------------------------------------------------------------------- /tests/smtp-errors/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-errors/README.md -------------------------------------------------------------------------------- /tests/smtp-errors/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-errors/test.yaml -------------------------------------------------------------------------------- 
/tests/smtp-eve/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-eve/test.rules -------------------------------------------------------------------------------- /tests/smtp-eve/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-eve/test.yaml -------------------------------------------------------------------------------- /tests/smtp-md5/suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-md5/suricata.yaml -------------------------------------------------------------------------------- /tests/smtp-md5/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-md5/test.yaml -------------------------------------------------------------------------------- /tests/smtp-rfc2231/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rfc2231/README.md -------------------------------------------------------------------------------- /tests/smtp-rfc2231/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rfc2231/test.yaml -------------------------------------------------------------------------------- /tests/smtp-rset/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rset/README.md -------------------------------------------------------------------------------- /tests/smtp-rset/client.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rset/client.py -------------------------------------------------------------------------------- /tests/smtp-rset/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rset/input.pcap -------------------------------------------------------------------------------- /tests/smtp-rset/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rset/test.rules -------------------------------------------------------------------------------- /tests/smtp-rset/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp-rset/test.yaml -------------------------------------------------------------------------------- /tests/smtp/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/smtp/test.yaml -------------------------------------------------------------------------------- /tests/snmp-v2c-get/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/snmp-v2c-get/README.md -------------------------------------------------------------------------------- /tests/snmp-v2c-get/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/snmp-v2c-get/test.yaml -------------------------------------------------------------------------------- /tests/ssh-frames/README.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-frames/README.md -------------------------------------------------------------------------------- /tests/ssh-frames/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-frames/test.rules -------------------------------------------------------------------------------- /tests/ssh-frames/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-frames/test.yaml -------------------------------------------------------------------------------- /tests/ssh-hassh/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-hassh/input.pcap -------------------------------------------------------------------------------- /tests/ssh-hassh/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-hassh/test.rules -------------------------------------------------------------------------------- /tests/ssh-hassh/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-hassh/test.yaml -------------------------------------------------------------------------------- /tests/ssh-newkeys/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-newkeys/README.md -------------------------------------------------------------------------------- /tests/ssh-newkeys/input.pcap: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-newkeys/input.pcap -------------------------------------------------------------------------------- /tests/ssh-newkeys/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-newkeys/test.rules -------------------------------------------------------------------------------- /tests/ssh-newkeys/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ssh-newkeys/test.yaml -------------------------------------------------------------------------------- /tests/streamsize-keyword-02-prefilter/README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | Test stream_size keyword as prefilter. 
4 | -------------------------------------------------------------------------------- /tests/tcp-5379/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-5379/README.md -------------------------------------------------------------------------------- /tests/tcp-5379/input.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-5379/input.pcap -------------------------------------------------------------------------------- /tests/tcp-5379/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-5379/test.rules -------------------------------------------------------------------------------- /tests/tcp-5379/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-5379/test.yaml -------------------------------------------------------------------------------- /tests/tcp-async-01/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-async-01/README.md -------------------------------------------------------------------------------- /tests/tcp-async-01/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tcp-async-01/test.yaml -------------------------------------------------------------------------------- /tests/tcp-fastopen-01/README.md: -------------------------------------------------------------------------------- 1 | # PCAP 2 | 3 | https://redmine.openinfosecfoundation.org/issues/1203 4 | 
-------------------------------------------------------------------------------- /tests/tcp-fastopen-02/README.md: -------------------------------------------------------------------------------- 1 | # PCAP 2 | 3 | https://redmine.openinfosecfoundation.org/issues/1203 4 | -------------------------------------------------------------------------------- /tests/tcp-fastopen-03/README.md: -------------------------------------------------------------------------------- 1 | # PCAP 2 | 3 | https://redmine.openinfosecfoundation.org/issues/1203 4 | -------------------------------------------------------------------------------- /tests/tcp-fastopen-06/README.md: -------------------------------------------------------------------------------- 1 | Pcap from https://redmine.openinfosecfoundation.org/issues/3522 2 | -------------------------------------------------------------------------------- /tests/tcp-fastopen-10-syn-data-ignore/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap by Victor Julien 5 | 6 | -------------------------------------------------------------------------------- /tests/tcp-fastopen-11-reject-syn-data/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap by Victor Julien 5 | 6 | -------------------------------------------------------------------------------- /tests/test-config-empty-rule-file/empty.rules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/test-ruleparse-etopen-01/threshold.config: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/threshold-config-validate-01/threshold.config: -------------------------------------------------------------------------------- 1 | 
this is not correct 2 | -------------------------------------------------------------------------------- /tests/threshold-config-validate-02/threshold.config: -------------------------------------------------------------------------------- 1 | this is not correct 2 | -------------------------------------------------------------------------------- /tests/tls-alpn-log-detect-02/README.md: -------------------------------------------------------------------------------- 1 | PCAP 2 | ==== 3 | 4 | Pcap recorded by Victor Julien 5 | -------------------------------------------------------------------------------- /tests/tls/tls-ja3s/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tls/tls-ja3s/test.yaml -------------------------------------------------------------------------------- /tests/tls/tls-random/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tls/tls-random/README -------------------------------------------------------------------------------- /tests/tls/tls-store-02/README.md: -------------------------------------------------------------------------------- 1 | PCAP from https://github.com/felin-arch/tls-client-auth 2 | -------------------------------------------------------------------------------- /tests/tls/tls-subject/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/tls/tls-subject/README -------------------------------------------------------------------------------- /tests/ut-complete/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ut-complete/test.yaml -------------------------------------------------------------------------------- 
/tests/ut-leakcheck/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/ut-leakcheck/test.yaml -------------------------------------------------------------------------------- /tests/websocket/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/websocket/README.md -------------------------------------------------------------------------------- /tests/websocket/test.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/websocket/test.rules -------------------------------------------------------------------------------- /tests/websocket/test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/tests/websocket/test.yaml -------------------------------------------------------------------------------- /util/functions.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OISF/suricata-verify/HEAD/util/functions.sh --------------------------------------------------------------------------------