sigmatch_table[DETECT_BYTEMATH].Match = NULL;
sigmatch_table[DETECT_BYTEMATH].Setup = DetectByteMathSetup;
sigmatch_table[DETECT_BYTEMATH].Free = DetectByteMathFree;
+ sigmatch_table[DETECT_BYTEMATH].desc = "used to perform mathematical operations on byte values";
+ sigmatch_table[DETECT_BYTEMATH].url = "/rules/payload-keywords.html#byte-math";
#ifdef UNITTESTS
sigmatch_table[DETECT_BYTEMATH].RegisterTests = DetectByteMathRegisterTests;
#endif
sigmatch_table[DETECT_CONFIG].Match = DetectConfigPostMatch;
sigmatch_table[DETECT_CONFIG].Setup = DetectConfigSetup;
sigmatch_table[DETECT_CONFIG].Free = DetectConfigFree;
+ sigmatch_table[DETECT_CONFIG].desc =
+ "apply different configuration settings to a flow, packet or other unit";
+ sigmatch_table[DETECT_CONFIG].url = "/rules/config.html";
#ifdef UNITTESTS
sigmatch_table[DETECT_CONFIG].RegisterTests = DetectConfigRegisterTests;
#endif
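Review bot: The new `desc` for DETECT_CONFIG does not say that the setting is applied as a side effect of a rule match, which is what a rule reviewer most needs to know, given that `.Match` is `DetectConfigPostMatch`. As far as I know the keyword is currently used to change logging for the matched unit, so a rule carrying it can reduce what gets logged. If that is confirmed, say so, for example `"on match, change configuration (such as logging) for a flow, transaction or packet"`. The registration function begins and ends outside this hunk.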
sigmatch_table[DETECT_IPV4_CSUM].Match = DetectIPV4CsumMatch;
sigmatch_table[DETECT_IPV4_CSUM].Setup = DetectIPV4CsumSetup;
sigmatch_table[DETECT_IPV4_CSUM].Free = DetectIPV4CsumFree;
+ sigmatch_table[DETECT_IPV4_CSUM].desc = "match on IPv4 checksum";
#ifdef UNITTESTS
sigmatch_table[DETECT_IPV4_CSUM].RegisterTests = DetectCsumRegisterTests;
#endif
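Review bot: The `desc` strings added for the seven checksum keywords (this hunk and the TCPv4, TCPv6, UDPv4, UDPv6, ICMPv4 and ICMPv6 hunks below) read as if the keyword compares a checksum value. If I remember the keyword correctly it takes `valid` or `invalid` and tests whether the checksum verifies, so `"match on a valid or invalid IPv4 checksum"` would be less misleading to rule writers. None of these hunks sets `.url`, unlike the other keywords touched by this commit; add one if the rules documentation has a section for the checksum keywords. The registration function starts outside the hunk.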
sigmatch_table[DETECT_TCPV4_CSUM].Match = DetectTCPV4CsumMatch;
sigmatch_table[DETECT_TCPV4_CSUM].Setup = DetectTCPV4CsumSetup;
sigmatch_table[DETECT_TCPV4_CSUM].Free = DetectTCPV4CsumFree;
+ sigmatch_table[DETECT_TCPV4_CSUM].desc = "match on IPv4/TCP checksum";
sigmatch_table[DETECT_TCPV6_CSUM].name = "tcpv6-csum";
sigmatch_table[DETECT_TCPV6_CSUM].Match = DetectTCPV6CsumMatch;
sigmatch_table[DETECT_TCPV6_CSUM].Setup = DetectTCPV6CsumSetup;
sigmatch_table[DETECT_TCPV6_CSUM].Free = DetectTCPV6CsumFree;
+ sigmatch_table[DETECT_TCPV6_CSUM].desc = "match on IPv6/TCP checksum";
sigmatch_table[DETECT_UDPV4_CSUM].name = "udpv4-csum";
sigmatch_table[DETECT_UDPV4_CSUM].Match = DetectUDPV4CsumMatch;
sigmatch_table[DETECT_UDPV4_CSUM].Setup = DetectUDPV4CsumSetup;
sigmatch_table[DETECT_UDPV4_CSUM].Free = DetectUDPV4CsumFree;
+ sigmatch_table[DETECT_UDPV4_CSUM].desc = "match on IPv4/UDP checksum";
sigmatch_table[DETECT_UDPV6_CSUM].name = "udpv6-csum";
sigmatch_table[DETECT_UDPV6_CSUM].Match = DetectUDPV6CsumMatch;
sigmatch_table[DETECT_UDPV6_CSUM].Setup = DetectUDPV6CsumSetup;
sigmatch_table[DETECT_UDPV6_CSUM].Free = DetectUDPV6CsumFree;
+ sigmatch_table[DETECT_UDPV6_CSUM].desc = "match on IPv6/UDP checksum";
sigmatch_table[DETECT_ICMPV4_CSUM].name = "icmpv4-csum";
sigmatch_table[DETECT_ICMPV4_CSUM].Match = DetectICMPV4CsumMatch;
sigmatch_table[DETECT_ICMPV4_CSUM].Setup = DetectICMPV4CsumSetup;
sigmatch_table[DETECT_ICMPV4_CSUM].Free = DetectICMPV4CsumFree;
+ sigmatch_table[DETECT_ICMPV4_CSUM].desc = "match on IPv4/ICMP checksum";
sigmatch_table[DETECT_ICMPV6_CSUM].name = "icmpv6-csum";
sigmatch_table[DETECT_ICMPV6_CSUM].Match = DetectICMPV6CsumMatch;
sigmatch_table[DETECT_ICMPV6_CSUM].Setup = DetectICMPV6CsumSetup;
sigmatch_table[DETECT_ICMPV6_CSUM].Free = DetectICMPV6CsumFree;
+ sigmatch_table[DETECT_ICMPV6_CSUM].desc = "match on IPv6/ICMPv6 checksum";
}
/**
sigmatch_table[DETECT_DCE_IFACE].AppLayerTxMatch = DetectDceIfaceMatchRust;
sigmatch_table[DETECT_DCE_IFACE].Setup = DetectDceIfaceSetup;
sigmatch_table[DETECT_DCE_IFACE].Free = DetectDceIfaceFree;
+ sigmatch_table[DETECT_DCE_IFACE].desc =
+ "match on the value of the interface UUID in a DCERPC header";
+ sigmatch_table[DETECT_DCE_IFACE].url = "/rules/dcerpc-keywords.html#dcerpc-iface";
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
sigmatch_table[DETECT_DCE_OPNUM].AppLayerTxMatch = DetectDceOpnumMatchRust;
sigmatch_table[DETECT_DCE_OPNUM].Setup = DetectDceOpnumSetup;
sigmatch_table[DETECT_DCE_OPNUM].Free = DetectDceOpnumFree;
+ sigmatch_table[DETECT_DCE_OPNUM].desc =
+ "match on one or many operation numbers within the interface in a DCERPC header";
+ sigmatch_table[DETECT_DCE_OPNUM].url = "/rules/dcerpc-keywords.html#dcerpc-opnum";
#ifdef UNITTESTS
sigmatch_table[DETECT_DCE_OPNUM].RegisterTests = DetectDceOpnumRegisterTests;
#endif
sigmatch_table[DETECT_DCE_STUB_DATA].name = "dcerpc.stub_data";
sigmatch_table[DETECT_DCE_STUB_DATA].alias = "dce_stub_data";
sigmatch_table[DETECT_DCE_STUB_DATA].Setup = DetectDceStubDataSetup;
+ sigmatch_table[DETECT_DCE_STUB_DATA].desc = "match on the stub data in a DCERPC packet";
+ sigmatch_table[DETECT_DCE_STUB_DATA].url = "/rules/dcerpc-keywords.html#dcerpc-stub-data";
#ifdef UNITTESTS
sigmatch_table[DETECT_DCE_STUB_DATA].RegisterTests = DetectDceStubDataRegisterTests;
#endif
sigmatch_table[DETECT_DECODE_EVENT].Match = DetectEngineEventMatch;
sigmatch_table[DETECT_DECODE_EVENT].Setup = DetectDecodeEventSetup;
sigmatch_table[DETECT_DECODE_EVENT].Free = DetectEngineEventFree;
+ sigmatch_table[DETECT_DECODE_EVENT].desc =
+ "match on events triggered by structural or invalid values during packet decoding";
+ sigmatch_table[DETECT_DECODE_EVENT].url = "/rules/decode-layer.html#decode-event";
sigmatch_table[DETECT_DECODE_EVENT].flags |= SIGMATCH_DEONLY_COMPAT;
sigmatch_table[DETECT_DECODE_EVENT].SupportsPrefilter = PrefilterDecodeEventIsPrefilterable;
sigmatch_table[DETECT_DECODE_EVENT].SetupPrefilter = PrefilterSetupDecodeEvent;
sigmatch_table[DETECT_STREAM_EVENT].Match = DetectEngineEventMatch;
sigmatch_table[DETECT_STREAM_EVENT].Setup = DetectStreamEventSetup;
sigmatch_table[DETECT_STREAM_EVENT].Free = DetectEngineEventFree;
+ sigmatch_table[DETECT_STREAM_EVENT].desc =
+ "match on events triggered by anomalies during TCP streaming";
sigmatch_table[DETECT_STREAM_EVENT].SupportsPrefilter = PrefilterStreamEventIsPrefilterable;
sigmatch_table[DETECT_STREAM_EVENT].SetupPrefilter = PrefilterSetupStreamEvent;
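Review bot: DETECT_STREAM_EVENT gets a `desc` but no `.url`, while DETECT_DECODE_EVENT just above in the same change gets both. If stream-event is documented, link it; if not, a short comment such as `/* no rules documentation page yet */` keeps the gap from looking like an oversight. "TCP streaming" is also not the usual term; `"match on events triggered by anomalies in TCP stream tracking and reassembly"` is closer, assuming that is where these events come from.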
sigmatch_table[KEYWORD_ID].Setup = DetectSmbNtlmsspUserSetup;
sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp user in session setup";
+ sigmatch_table[KEYWORD_ID].url = "/rules/smb-keywords.html#smb-ntlmssp-user";
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetNtlmsspUserData, ALPROTO_SMB, 1);
sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
sigmatch_table[KEYWORD_ID].desc =
"sticky buffer to match on SMB ntlmssp domain in session setup";
+ sigmatch_table[KEYWORD_ID].url = "/rules/smb-keywords.html#smb-ntlmssp-domain";
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetNtlmsspDomainData, ALPROTO_SMB, 1);
sigmatch_table[KEYWORD_ID].Setup = DetectSmbNamedPipeSetup;
sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB named pipe in tree connect";
+ sigmatch_table[KEYWORD_ID].url = "/rules/smb-keywords.html#smb-named-pipe";
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetNamedPipeData, ALPROTO_SMB, 1);
sigmatch_table[KEYWORD_ID].Setup = DetectSmbShareSetup;
sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB share name in tree connect";
+ sigmatch_table[KEYWORD_ID].url = "/rules/smb-keywords.html#smb-share";
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetShareData, ALPROTO_SMB, 1);
sigmatch_table[DETECT_TAG].Match = DetectTagMatch;
sigmatch_table[DETECT_TAG].Setup = DetectTagSetup;
sigmatch_table[DETECT_TAG].Free = DetectTagDataFree;
+ sigmatch_table[DETECT_TAG].desc = "tag of current and future packets for a flow or host";
+ sigmatch_table[DETECT_TAG].url = "/rules/tag.html#tag";
#ifdef UNITTESTS
sigmatch_table[DETECT_TAG].RegisterTests = DetectTagRegisterTests;
#endif
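Review bot: The DETECT_TAG `desc` is a noun phrase ("tag of current and future packets ...") where the other descriptions in this commit start with a verb. `"tag current and future packets for a flow or host"` reads better in keyword listings. If the purpose of tagging is to log the packets that follow a match, saying so would help more than the current wording.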