Feature #1100: keyword: file_ext keyword - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1100

closed

keyword: file_ext keyword

Added by Victor Julien almost 11 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

Like fileext, match on file extensions, but act like file_data.

file_ext; content:"exe"; nocase;

Complication is that fileext really just looks at the file name, and checks if the last bytes of it are what the fileext keyword contains, preceded by a dot. Might not be as easy to convert.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #1100

keyword: file_ext keyword

Updated by Andreas Herz almost 9 years ago

Updated by Victor Julien over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by Andreas Herz almost 6 years ago

Updated by Victor Julien over 5 years ago