Feature #2648: store captured data into file - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2648

open

store captured data into file

Added by Hugo Lequien over 5 years ago. Updated almost 5 years ago.

Status:

New

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Problematic :
- file reconstruction does not work on ip stream
- luajit only receives chunks of the stream (1250 bytes max)
- Malwares and large exploits can be injected via non-http flows, but it is impossible to perform a confirmation check (via lua or 3rd-party software) because the matched stream can not be properly passed to them.

Solution :
A new feature to store the stream to a file. Preferably enabled by a keyword in a rule to avoid storing every matching rule.

History
Property changes

Actions

Copy link

Updated by Andreas Herz almost 5 years ago

Assignee set to Community Ticket
Target version set to TBD

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2648

store captured data into file

Updated by Andreas Herz almost 5 years ago