Project

General

Profile

Actions
Copy link

Feature #3760

closed

Task #3759: datasets: finalize to move out of 'experimental'

datasets: distinguish between 'static' and 'dynamic' sets

Added by Victor Julien almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
6.0.0beta1
Effort:
Difficulty:
Label:

Description

A static set would be a set that is provided by an intel provider. It would not be changed by Suricata at runtime except for rule updates.

A dynamic set would provide features like storing the set to disk at shutdown, adding to the set from the rule language, etc.

Actions
Copy link
 #1

Updated by Victor Julien almost 4 years ago

  • Target version set to 6.0.0beta1
Actions
Copy link
 #2

Updated by Victor Julien almost 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Shivani Bhardwaj

We should probably add a keyword option to explicitly state if a set is dynamic or static, but we can also try to infer it. If the 'state' or 'save' options are used, it is dynamic.

Maybe it would make sense that if the set is loaded from the part of the file system that is managed by suricata-update, it is static.

Actions
Copy link
 #3

Updated by Shivani Bhardwaj over 3 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF