From d6cc871067ef7f6cf69e261a84579b7403ffcee3 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Thu, 23 Jan 2020 10:44:27 +0100
Subject: [PATCH] suricata: Enable new and rust-depended protocol parsers.
Signed-off-by: Stefan Schantl
Signed-off-by: Arne Fitzenreiter
---
 config/suricata/suricata.yaml | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index af9cb75a97..6a1af48faf 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -148,7 +148,9 @@ nfq:
 app-layer:
 protocols:
 krb5:
- enabled: no # Requires rust
+ enabled: yes
+ snmp:
+ enabled: yes
 ikev2:
 enabled: yes
 tls:
@@ -156,6 +158,12 @@ app-layer:
 detection-ports:
 dp: "[443,444,465,853,993,995]"
+ # Generate JA3 fingerprint from client hello. If not specified it
+ # will be disabled by default, but enabled if rules require it.
+ #ja3-fingerprints: auto
+ # Generate JA3 fingerprint from client hello
+ ja3-fingerprints: no
+
 # Completely stop processing TLS/SSL session after the handshake
 # completed. If bypass is enabled this will also trigger flow
 # bypass. If disabled (the default), TLS/SSL session is still
@@ -165,6 +173,8 @@ app-layer:
 enabled: yes
 ftp:
 enabled: yes
+ rdp:
+ enabled: no
 ssh:
 enabled: yes
 smtp:
@@ -203,9 +213,10 @@ app-layer:
 enabled: yes
 detection-ports:
 dp: 139, 445
- # smb2 detection is disabled internally inside the engine.
- #smb2:
- # enabled: yes
+ nfs:
+ enabled: yes
+ tftp:
+ enabled: yes
 dns:
 # memcaps. Globally and per flow/state.
 global-memcap: 32mb
@@ -271,6 +282,12 @@ app-layer:
 double-decode-path: no
 double-decode-query: no
+ ntp:
+ enabled: yes
+ dhcp:
+ enabled: yes
+ sip:
+ enabled: yes
 # Limit for the maximum number of asn1 frames to decode (default 256)
 asn1-max-frames: 256
--
2.39.2
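Review bot: The `# Requires rust` remark is dropped from `krb5` in the first hunk and nothing replaces it, so the file no longer records the build dependency that the commit subject still refers to ("rust-depended protocol parsers"). A single comment above the group would keep it visible, for example `# Parsers below that are implemented in Rust need a Suricata build with Rust support.` The same gap applies to the parsers enabled in the later hunks (`nfs`, `tftp`, `ntp`, `dhcp`, `sip`). What a build without Rust does with these entries is not visible from the patch, so that is worth confirming. The `protocols:` mapping starts and ends outside the hunk.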
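Review bot: `ja3-fingerprints: no` in the tls hunk hard-disables JA3 instead of using the `auto` value that the comment added just above it describes, so, going by that comment, rulesets that require JA3 will not get it switched on and their JA3-based signatures would presumably not match. If this is deliberate, the second comment line `# Generate JA3 fingerprint from client hello` only repeats the first and could carry the reason instead, e.g. `# Forced off (<reason>); rules using JA3 keywords will not work until this is auto or yes.` The same applies to `rdp:` / `enabled: no` in the next hunk, the only parser the patch adds in the disabled state, with no rationale given. The tls block starts and ends outside the hunk.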