Feature #2758: intel / reputation matching on arbitrary data - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2758

closed

intel / reputation matching on arbitrary data

Added by Victor Julien over 5 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

5.0rc1

Effort:

Difficulty:

Label:

Description

Implement a way for the engine to match on arbitrary data for checking it against intel / reputation. Rule lang would drive this. I see this as a mix between #2318 and more advanced transformation support.

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien over 5 years ago

Related to Task #2685: SuriCon 2018 brainstorm added

Actions

Copy link

Updated by Victor Julien over 4 years ago

Status changed from Assigned to Closed
Target version changed from TBD to 5.0rc1
Effort deleted (~~high~~)
Difficulty deleted (~~high~~)

https://github.com/OISF/suricata/pull/4166

https://suricata.readthedocs.io/en/latest/rules/datasets.html

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2758

intel / reputation matching on arbitrary data

Updated by Victor Julien over 5 years ago

Updated by Victor Julien over 4 years ago