Feature #3271: Add keyword to determine flow based speed/bw - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #3271

open

Add keyword to determine flow based speed/bw

Added by Andreas Herz over 4 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

It would be helpful to have a keyword to match a specific bandwith/rate as this could be also used to bypass high traffic flows.

The simple form would be bytes in relation to flow age, pkts and bytes are already tracked as well. It's harder if it needs to be some sliding window with a period of time.

Related issues 2 (1 open — 1 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #3271

Add keyword to determine flow based speed/bw

Updated by Andreas Herz over 4 years ago

Updated by Victor Julien over 1 year ago

	Related to Suricata - Feature #2319: Expose flow lifetime to the rulelanguage	Rejected					Actions
	Related to Suricata - Task #5645: tracking: elephant flow detection	New	OISF Dev				Actions