Project

General

Profile

Actions
Copy link

Feature #2213

closed
VJ OD

file matching: allow generic file matching / store

Feature #2213: file matching: allow generic file matching / store

Added by Victor Julien over 8 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Currently if you want to match on all protocols Suricata supports for file matching you need a rule for each protocol:

alert http .... filename:"blah";
alert smtp .... filename:"blah";
...

Perhaps 'alert tcp ... filename:"blah"' would be enough.
Or perhaps use 'alert file ... filename:"blah"' as a special protocol.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2249: rule with file keyword used with ip or tcp not seen as invalidRejectedOISF DevActions
Actions
Copy link

Also available in: PDF Atom