https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022018-01-20T18:18:43ZOpen Information Security FoundationSuricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=93842018-01-20T18:18:43ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>OISF Dev</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=99952018-07-17T10:06:50ZVictor Julienvictor@inliniac.net
<ul><li><strong>Effort</strong> set to <i>high</i></li><li><strong>Difficulty</strong> set to <i>high</i></li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=104702018-11-21T11:01:50ZVictor Julienvictor@inliniac.net
<ul><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Anonymous</i></li></ul><p>Due to the complexity of the detection engine, this is not easily possible. Perhaps it would be possible to do this for the simpler rule types, but it seems to be requested mostly for complex rule types. Assigning to 'community' as there are no plans to work on this.</p> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=104712018-11-21T11:01:59ZVictor Julienvictor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-2 priority-4 priority-default child" href="/issues/2685">Task #2685</a>: SuriCon 2018 brainstorm</i> added</li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=105482018-11-27T10:30:37ZKenneth Kolano
<ul></ul><p>Note similar functionality would be useful when updating fileMD5 entries</p> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=111352019-02-23T22:04:34ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>Community Ticket</i></li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=143762019-11-01T07:48:22ZVictor Julienvictor@inliniac.net
<ul></ul><p>The datasets support allows live updates over unix-socket. So for the file md5 matching and the many other datasets usecases this is now supported. The rules stay static, but the datasets referenced by them are dynamic.</p> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=144012019-11-01T14:25:51ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=144412019-11-04T11:53:23ZVictor Julienvictor@inliniac.net
<ul></ul><p>We've closed this as we don't see this happen w/o massive redesigns of how the detection engine works. We think the datasets work will support a good deal of the possible use cases. For others, we'll have to fall back to regular rule reloads.</p> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=144422019-11-04T11:53:35ZVictor Julienvictor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-2 priority-4 priority-default child" href="/issues/3288">Task #3288</a>: Suricon 2019 brainstorm</i> added</li></ul> Suricata - Feature #2409: Push signatures without reloading the entire set.https://redmine.openinfosecfoundation.org/issues/2409?journal_id=182132020-11-06T16:23:55ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Closed</i> to <i>Rejected</i></li></ul>