Task #2693
opentracking: libsuricata
Description
This request came up at Suricon2018, but has come up before. The idea is to turn much of Suricata into a library that can be reused in other tools.
The first step would be to define some of the use cases we'd like to initially support so that an API could be designed for that.
Updated by Victor Julien over 4 years ago
- Related to Task #2685: SuriCon 2018 brainstorm added
Updated by Victor Julien about 3 years ago
- Assignee changed from Community Ticket to OISF Dev
Updated by Victor Julien about 3 years ago
One of the use cases that has been brought forward is to be able to integrate the Suricata detection and logging into OVS.
Updated by Victor Julien over 2 years ago
- Related to Task #4097: Suricon 2020 brainstorm added
Updated by Victor Julien over 2 years ago
- Tracker changed from Feature to Task
- Subject changed from libsuricata to tracking: libsuricata
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
- Target version changed from TBD to 7.0.0-beta1
Updated by Jason Ish over 2 years ago
- Related to Task #4221: Build Suricata into a static and shared library added
Updated by Jason Ish about 2 years ago
- Related to Task #4429: libsuricata: Use cases with examples added
Updated by Jason Ish over 1 year ago
- Related to Task #4101: tracking: plugins added
Updated by Jason Ish over 1 year ago
- Related to Task #4704: unix-socket: separate functionality from the unix socket interface added
Updated by Jason Ish over 1 year ago
- Related to Task #4742: Make the auto-generated config.h not conflict with other config.h. added
Updated by Jason Ish over 1 year ago
- Status changed from Assigned to In Progress
Updated by Victor Julien 11 months ago
- Related to Task #5433: tracking: reduce number of public data structures added
Updated by Victor Julien 8 months ago
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Updated by Philippe Antoine 7 months ago
Use cases :
- Have packets from some other source
- Have some already reassembled stream (SSL proxy)
- Have a very dynamic way to tell which packet which should be handled by this config/ruleset (complexity from global variables), have some way for tenants to remove certain categories, or have a finite set of precompiled rulesets and have a plugin be able to tell which ruleset should be used for each packet
- Have packet returned with metadata like the alerts it has
Idea to persist precompiled ruleset
Updated by Philippe Antoine 7 months ago
- Related to Task #5488: Suricon 2022 brainstorm added
Updated by Philippe Antoine 7 months ago
- Related to Task #2313: tracking: save & restore state when suricata restarts added