Project

General

Profile

Actions

Feature #249

open

Configure host-os-policy from a file, like snorts host_attribute.xml

Added by Edward Fjellskål about 14 years ago. Updated almost 6 years ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

To be able to automate the configuration of frag and stream policy,
I propose that it is possible to read such info of IP and OS from a file.

It might be simple:
192.168.10.123|linux
192.168.10.124|vista
10.10.200.1|bsd

Or one could look at snorts host_attribute table.
Info on IP<->OS can be fetched from an inventory DB or Hooger and PRADS etc.

(
http://code.google.com/p/hogger/
https://github.com/gamelinux/prads/
)


Related issues 2 (1 open1 closed)

Related to Suricata - Feature #2277: netinfo: structured information about the network. Output hierarchical network tree in events NewEric LeblondActions
Related to Suricata - Feature #660: Update host policy from unix socketRejectedActions
Actions #1

Updated by Victor Julien over 13 years ago

  • Assignee set to Anonymous

I like this. I'd like per ip (both ipv4 and ipv6 should be supported) OS and at least service type and server version. Our HTTP parser could use that info for knowing if a server is Apache, IIS, etc.

Actions #2

Updated by Victor Julien over 12 years ago

  • Target version set to TBD
Actions #3

Updated by Victor Julien about 11 years ago

  • Assignee changed from Anonymous to Victor Julien
  • Target version changed from TBD to 3.0RC2
Actions #4

Updated by Victor Julien about 10 years ago

  • Target version changed from 3.0RC2 to 70
Actions #5

Updated by Victor Julien almost 8 years ago

  • Assignee changed from Victor Julien to OISF Dev
Actions #6

Updated by Victor Julien over 6 years ago

  • Related to Feature #2277: netinfo: structured information about the network. Output hierarchical network tree in events added
Actions #7

Updated by Victor Julien over 6 years ago

  • Assignee changed from OISF Dev to Anonymous
  • Target version changed from 70 to TBD
Actions #8

Updated by Andreas Herz almost 6 years ago

  • Assignee set to Community Ticket
Actions #9

Updated by Jason Ish about 5 years ago

  • Related to Feature #660: Update host policy from unix socket added
Actions

Also available in: Atom PDF