Feature #1373: Allow different reassembly depth for filestore rules - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1373

closed

DH GL

Allow different reassembly depth for filestore rules

Feature #1373: Allow different reassembly depth for filestore rules

Added by Duane Howard about 11 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Giuseppe Longo

Target version:

3.2beta1

Effort:

Difficulty:

Label:

Description

In order to capture full files, stream reassembly depth needs to be > file length, in many cases this would mean expanding stream reassembly to several MB. However for non-filestore rules most badness and detection can happen in the first few KB, so reassembling seems wasteful. It could be interesting to have a distinct option to reassemble streams that match of filestore rules to a different depth than those that are not filestore rules.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #1373

Allow different reassembly depth for filestore rules

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#1

DH Updated by Duane Howard almost 11 years ago Actions
Copy link
#2

PM Updated by Peter Manev almost 11 years ago Actions
Copy link
#3

DH Updated by Duane Howard over 10 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 10 years ago Actions
Copy link
#5

AH Updated by Andreas Herz over 10 years ago Actions
Copy link
#6

DH Updated by Duane Howard almost 10 years ago Actions
Copy link
#7

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
#8

CK Updated by chris K. over 9 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#10

Project

General

Profile

Suricata

Custom queries

Feature #1373

Allow different reassembly depth for filestore rules

VJ Updated by Victor Julien almost 11 years ago ActionsCopy link #1

DH Updated by Duane Howard almost 11 years ago ActionsCopy link #2

PM Updated by Peter Manev almost 11 years ago ActionsCopy link #3

DH Updated by Duane Howard over 10 years ago ActionsCopy link #4

VJ Updated by Victor Julien over 10 years ago ActionsCopy link #5

AH Updated by Andreas Herz over 10 years ago ActionsCopy link #6

DH Updated by Duane Howard almost 10 years ago ActionsCopy link #7

VJ Updated by Victor Julien almost 10 years ago ActionsCopy link #8

CK Updated by chris K. over 9 years ago ActionsCopy link #9

VJ Updated by Victor Julien over 9 years ago ActionsCopy link #10

VJ Updated by Victor Julien almost 11 years ago Actions
Copy link
#1

DH Updated by Duane Howard almost 11 years ago Actions
Copy link
#2

PM Updated by Peter Manev almost 11 years ago Actions
Copy link
#3

DH Updated by Duane Howard over 10 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 10 years ago Actions
Copy link
#5

AH Updated by Andreas Herz over 10 years ago Actions
Copy link
#6

DH Updated by Duane Howard almost 10 years ago Actions
Copy link
#7

VJ Updated by Victor Julien almost 10 years ago Actions
Copy link
#8

CK Updated by chris K. over 9 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#10