Actions
Optimization #1873
closedClasstypes missing on decoder-events,files, and stream-events
Effort:
Difficulty:
Label:
Description
Hi,
These rules do not have an associated classtype with them. Could you take a look and determine if that would be a relevant addition?
Best,
Jack
Updated by Andreas Herz over 7 years ago
- Tracker changed from Bug to Optimization
- Assignee set to OISF Dev
- Target version set to TBD
stream-events has classtype, do you have anything special in mind?
Updated by Andreas Herz almost 7 years ago
We have some shipped rules with classtypes and some without:
(classtype:protocol-command-decode)- app-layer-events.rules
- http-events.rules
- smtp-events.rules
- stream-events.rules
- tls-events.rules
- decoder-events.rules
- dnp3-events.rules
- dns-events.rules
- files.rules
- modbus-events.rules
Something we just forgot or is that for a specific reason?
Updated by Victor Julien almost 7 years ago
Seems it was forgotten. Btw the files.rules file is really only meant to be an example.
Updated by Andreas Herz almost 7 years ago
Yep that's also why the rules in there are commented, so would it be ok to add the classtype:protocol-command-decode to the 4 rule files left?
Updated by Andreas Herz almost 7 years ago
- Assignee changed from OISF Dev to Andreas Herz
Updated by Victor Julien almost 7 years ago
- Status changed from New to Closed
- Target version changed from TBD to 4.0beta1
Actions