Support #2309

SuriCon 2017 brainstorm

Added by Victor Julien about 1 year ago.

Status: New
Priority: Normal

Description

Meta ticket. Add relations to this ticket for the tickets discussed at SuriCon or created after the SuriCon brainstorm.


Related issues

Related to Feature #2308: threshold/suppress by http_host [Assigned]
Related to Feature #2310: lua: expose xbits [New]
Related to Feature #2311: math on extracted values [New]
Related to Feature #2312: http: parsing for async streams [New]
Related to Feature #2313: save & restore state when suricata restarts [Assigned]
Related to Feature #2314: protocol parser: rdp [New]
Related to Feature #646: smb log feature to be introduced [Closed, 11/28/2012]
Related to Feature #2315: eve: ftp logging [Assigned]
Related to Feature #2316: global memcap [Assigned, 12/01/2017]
Related to Optimization #2317: rcu [New]
Related to Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling [Closed, 06/08/2014]
Related to Feature #2278: failing better [New, 11/20/2017]
Related to Feature #550: Extract file attachments from FTP [Closed, 09/10/2012]
Related to Feature #2192: JA3 TLS client fingerprinting [Closed, 07/24/2017]
Related to Feature #2279: TLS 1.3 decoding, SNI extraction and logging [Closed]
Related to Feature #2280: http: rules that match both request and response [Assigned, 11/20/2017]
Related to Feature #1576: http: byte-range support [New]
Related to Feature #2281: tcp stream: simpler IDS handling of overlap evasions [Assigned, 11/20/2017]
Related to Feature #120: Capture full session on alert [New]
Related to Feature #385: Configuration option to log all known (pcap) data for a stream when an alert fires [New]
Related to Feature #2219: Save pcap only if alert [Assigned, 10/04/2017]
Related to Feature #2290: lua: expose lua generated buffers to rule lang [New, 11/27/2017]
Related to Feature #2284: detect partial file transfers [New, 11/20/2017]
Related to Feature #1705: hyperscan pcre integration [Closed]
Related to Feature #1006: transformation api [Closed, 10/23/2013]
Related to Feature #2291: traffic-id: ruleset for traffic classification and bypass [Assigned]
Related to Feature #2285: modify memcaps over unix socket [Closed, 11/20/2017]
Related to Feature #2283: turn content modifiers into 'sticky buffers' [New]
Related to Feature #1948: allow filestore name configuration options [Closed, 11/10/2016]
Related to Feature #2286: doc: document best practices around handling file extraction [Assigned, 11/20/2017]
Related to Feature #2282: event log aka weird.log [New]
Related to Optimization #2272: Analyze DNS response if query is not present [New, 11/16/2017]
Related to Feature #741: Introduce endswith keyword [Closed, 01/31/2013]
Related to Feature #742: startswith keyword [Closed, 02/01/2013]
Related to Feature #735: Introduce content_len keyword [Closed, 01/26/2013]
Related to Feature #2299: pcap: read directory with pcaps from the commandline [Closed, 11/28/2017]
Related to Feature #2298: pcap: store pcaps in compressed form [Closed]
Related to Feature #1828: YARA support [Assigned]
Related to Feature #1949: only write unique files [Closed, 11/10/2016]
Related to Feature #962: Can I log the mac address of the source? [Assigned]
Related to Feature #2318: matching on large amounts of data with dynamic updates [New, 12/05/2012]
Related to Feature #2319: Expose flow lifetime to the rulelanguage [New]
Related to Feature #2320: configure host os policy over unix socket [Rejected]
Related to Bug #2321: yaml: clean up usage of lists [Assigned, 12/01/2017]
Related to Support #2322: create place for easy sharing of test cases [New, 12/01/2017]
Related to Feature #660: Update host policy from unix socket [New, 12/05/2012]

History

#1

Updated by Victor Julien about 1 year ago

  • Related to Feature #2308: threshold/suppress by http_host added
#2

Updated by Victor Julien about 1 year ago

#3

Updated by Victor Julien about 1 year ago

#4

Updated by Victor Julien about 1 year ago

  • Related to Feature #2312: http: parsing for async streams added
#5

Updated by Victor Julien about 1 year ago

  • Related to Feature #2313: save & restore state when suricata restarts added
#6

Updated by Victor Julien about 1 year ago

#7

Updated by Victor Julien about 1 year ago

  • Related to Feature #646: smb log feature to be introduced added
#8

Updated by Victor Julien about 1 year ago

#9

Updated by Victor Julien about 1 year ago

#10

Updated by Victor Julien about 1 year ago

#11

Updated by Victor Julien about 1 year ago

  • Related to Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling added
#12

Updated by Victor Julien about 1 year ago

#13

Updated by Victor Julien about 1 year ago

  • Related to Feature #550: Extract file attachments from FTP added
#14

Updated by Victor Julien about 1 year ago

#15

Updated by Victor Julien about 1 year ago

  • Related to Feature #2279: TLS 1.3 decoding, SNI extraction and logging added
#16

Updated by Victor Julien about 1 year ago

  • Related to Feature #2280: http: rules that match both request and response added
#17

Updated by Victor Julien about 1 year ago

#18

Updated by Victor Julien about 1 year ago

  • Related to Feature #2281: tcp stream: simpler IDS handling of overlap evasions added
#19

Updated by Victor Julien about 1 year ago

  • Related to Feature #120: Capture full session on alert added
#20

Updated by Victor Julien about 1 year ago

  • Related to Feature #385: Configuration option to log all known (pcap) data for a stream when an alert fires added
#21

Updated by Victor Julien about 1 year ago

#22

Updated by Victor Julien about 1 year ago

  • Related to Feature #2290: lua: expose lua generated buffers to rule lang added
#23

Updated by Victor Julien about 1 year ago

#24

Updated by Victor Julien about 1 year ago

#25

Updated by Victor Julien about 1 year ago

#26

Updated by Victor Julien about 1 year ago

  • Related to Feature #2291: traffic-id: ruleset for traffic classification and bypass added
#27

Updated by Victor Julien about 1 year ago

  • Related to Feature #2285: modify memcaps over unix socket added
#28

Updated by Victor Julien about 1 year ago

  • Related to Feature #2283: turn content modifiers into 'sticky buffers' added
#29

Updated by Victor Julien about 1 year ago

  • Related to Feature #1948: allow filestore name configuration options added
#30

Updated by Victor Julien about 1 year ago

  • Related to Feature #2286: doc: document best practices around handling file extraction added
#31

Updated by Victor Julien about 1 year ago

#32

Updated by Victor Julien about 1 year ago

#33

Updated by Victor Julien about 1 year ago

#34

Updated by Victor Julien about 1 year ago

#35

Updated by Victor Julien about 1 year ago

  • Related to Feature #735: Introduce content_len keyword added
#36

Updated by Victor Julien about 1 year ago

  • Related to Feature #2299: pcap: read directory with pcaps from the commandline added
#37

Updated by Victor Julien about 1 year ago

  • Related to Feature #2298: pcap: store pcaps in compressed form added
#38

Updated by Victor Julien about 1 year ago

#39

Updated by Victor Julien about 1 year ago

#40

Updated by Victor Julien about 1 year ago

  • Related to Feature #962: Can I log the mac address of the source? added
#41

Updated by Victor Julien about 1 year ago

  • Related to Feature #2318: matching on large amounts of data with dynamic updates added
#42

Updated by Victor Julien about 1 year ago

  • Related to Feature #2319: Expose flow lifetime to the rulelanguage added
#43

Updated by Victor Julien about 1 year ago

  • Related to Feature #2320: configure host os policy over unix socket added
#44

Updated by Victor Julien about 1 year ago

  • Related to Bug #2321: yaml: clean up usage of lists added
#45

Updated by Victor Julien about 1 year ago

  • Related to Support #2322: create place for easy sharing of test cases added
#46

Updated by Victor Julien 10 months ago

  • Related to Feature #660: Update host policy from unix socket added
