https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022017-08-10T15:41:54ZOpen Information Security FoundationSuricata - Feature #2200: Dynamically add md5 to blacklist without full restarthttps://redmine.openinfosecfoundation.org/issues/2200?journal_id=85742017-08-10T15:41:54ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>Anonymous</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul><p>Are you interested to work on that?</p> Suricata - Feature #2200: Dynamically add md5 to blacklist without full restarthttps://redmine.openinfosecfoundation.org/issues/2200?journal_id=86732017-10-06T06:27:49ZMikael Keri
<ul></ul><p>As there no up vote functionality, I will add this comment instead. I would also like to see this being implemented, it would add a lot of benefit now having to SIG HUP Suricata everytime I add new Black and Whitelist entry. What I could offer is to test it and provide feedback, if and when it gets implemented.</p> Suricata - Feature #2200: Dynamically add md5 to blacklist without full restarthttps://redmine.openinfosecfoundation.org/issues/2200?journal_id=99182018-07-13T18:32:58ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> changed from <i>Anonymous</i> to <i>Victor Julien</i></li></ul><p>Working on something.</p> Suricata - Feature #2200: Dynamically add md5 to blacklist without full restarthttps://redmine.openinfosecfoundation.org/issues/2200?journal_id=139852019-09-27T11:02:40ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li><li><strong>Target version</strong> changed from <i>TBD</i> to <i>5.0rc1</i></li></ul><p>In 5.0, this can be done using:<br /><pre>
file.md5; dataset:isset,<setname>, type md5;
</pre><br />Then over unix socket:<br /><pre>
dataset-add <setname> md5 <hex notation of md5>
</pre></p>