Project

General

Profile

Task #4097

Suricon 2020 brainstorm

Added by Victor Julien 6 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
Effort:
Difficulty:
Label:

Description

Tracking ticket for the virtual brainstorm in November 2020.


Related issues

Related to Task #3307: Research: evaluate future of lua support in SuricataNewOISF DevActions
Related to Task #3329: Research: WASM as a Lua alternative and for dynamically loadable modulesAssignedJason IshActions
Related to Task #2693: tracking: libsuricataAssignedJason IshActions
Related to Feature #4099: allow rule keyword registration from app-layerAssignedVictor JulienActions
Related to Task #4101: tracking: pluginsNewJason IshActions
Related to Feature #3954: Optimize handling of encapsulation in cloud deploymentNewActions
Related to Feature #3306: Support AF_XDP capture methodAssignedEric LeblondActions
Related to Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc)ClosedJeff LucovskyActions
Related to Feature #1199: LDAP supportIn ProgressPierre ChifflierActions
Related to Bug #2224: Negated http_* match returns false if buffer not populatedNewOISF DevActions
Related to Bug #4138: A stable flow ID for dump/restore of state as well as state synchronizationNewActions
Related to Feature #2448: Add additional buffers for DNS ResponsesNewOISF DevActions
Related to Feature #4140: IEC104 Protocol SupportAssignedStian BergsethActions
Related to Optimization #4141: file.data: inspect File objects for HTTPAssignedJeff LucovskyActions
Related to Task #4143: tracking: file.data improvementsAssignedJeff LucovskyActions
Related to Feature #2487: Buffers for field/value pairs in http_uri and http_client_bodyNewOISF DevActions
Related to Feature #2488: HTML Parsing / BuffersNewOISF DevActions
Related to Feature #3494: rules: Keyword for determining if the http_host is an ip addressNewActions
Related to Feature #3285: rules: XOR keywordIn ReviewSimon DugasActions
Related to Feature #3260: SMTP Base64 Decoding of Message BodyNewOISF DevActions
Related to Feature #3261: SMTP quoted-printable Decoding of Message BodyNewOISF DevActions
Related to Feature #2486: prefilter/fast_pattern logic for flowbitsAssignedVictor JulienActions
Related to Feature #4089: rules: Flexible format transformAssignedJeff LucovskyActions
Related to Task #4146: Research: Hand off packet streams on alertsNewCommunity TicketActions
Related to Feature #4147: Map rules to MITRE ATT&CKFeedbackCommunity TicketActions
Related to Feature #4148: Research: SSH Support for additional protocol analysisNewCommunity TicketActions
Related to Feature #4149: Research: Dynamic datasetsFeedbackCommunity TicketActions
Related to Feature #4150: Profiling mode: Ticks used to generate an alert available?NewCommunity TicketActions
Related to Task #4151: Research: New protocol supportNewCommunity TicketActions
Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption toolsAssignedVictor JulienActions
Related to Feature #2755: vendor id / vid keyword to give rulesets unique sid rangesNewOISF DevActions
Related to Bug #2190: apparent 1000 character limit in threshold.conf IP listsClosedJeff LucovskyActions
Related to Feature #3887: yaml: Increase maximum size for address varsClosedJeff LucovskyActions
Related to Feature #1096: tls: client certificate handlingAssignedCommunity TicketActions
Related to Feature #4162: rules: entropy transform keywordNewActions
Related to Task #4165: rust: nom 6NewActions
Related to Feature #4174: tracking: app_record / pdu inspection supportAssignedVictor JulienActions
Related to Feature #4175: dcerpc: higher level loggingNewCommunity TicketActions
Related to Feature #273: IRC protocol detection supportNewCommunity TicketActions
Related to Feature #776: rules: Add smtp_envelope and smtp_header keywordsNewCommunity TicketActions
Related to Feature #120: Capture full session on alertIn ReviewScott JordanActions
#1

Updated by Victor Julien 6 months ago

  • Related to Task #3307: Research: evaluate future of lua support in Suricata added
#2

Updated by Victor Julien 6 months ago

  • Related to Task #3329: Research: WASM as a Lua alternative and for dynamically loadable modules added
#3

Updated by Victor Julien 6 months ago

  • Related to Task #2693: tracking: libsuricata added
#4

Updated by Victor Julien 6 months ago

  • Related to Feature #4099: allow rule keyword registration from app-layer added
#5

Updated by Jason Ish 6 months ago

#6

Updated by Victor Julien 6 months ago

  • Related to Feature #3954: Optimize handling of encapsulation in cloud deployment added
#7

Updated by Victor Julien 6 months ago

#8

Updated by Jason Ish 6 months ago

  • Related to Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc) added
#9

Updated by Jason Ish 6 months ago

#10

Updated by Jason Ish 6 months ago

  • Related to Bug #2224: Negated http_* match returns false if buffer not populated added
#11

Updated by Jason Ish 6 months ago

  • Related to Bug #4138: A stable flow ID for dump/restore of state as well as state synchronization added
#12

Updated by Jason Ish 6 months ago

  • Related to Feature #2448: Add additional buffers for DNS Responses added
#13

Updated by Jason Ish 6 months ago

#14

Updated by Victor Julien 6 months ago

#15

Updated by Victor Julien 6 months ago

  • Related to Task #4143: tracking: file.data improvements added
#16

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #2487: Buffers for field/value pairs in http_uri and http_client_body added
#17

Updated by Jeff Lucovsky 6 months ago

#18

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #3494: rules: Keyword for determining if the http_host is an ip address added
#19

Updated by Jeff Lucovsky 6 months ago

#20

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #3260: SMTP Base64 Decoding of Message Body added
#21

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added
#22

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #2486: prefilter/fast_pattern logic for flowbits added
#23

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #4089: rules: Flexible format transform added
#24

Updated by Jeff Lucovsky 6 months ago

  • Related to Task #4146: Research: Hand off packet streams on alerts added
#25

Updated by Jeff Lucovsky 6 months ago

#26

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #4148: Research: SSH Support for additional protocol analysis added
#27

Updated by Jeff Lucovsky 6 months ago

#28

Updated by Jeff Lucovsky 6 months ago

  • Related to Feature #4150: Profiling mode: Ticks used to generate an alert available? added
#29

Updated by Jeff Lucovsky 6 months ago

  • Related to Task #4151: Research: New protocol support added
#30

Updated by Victor Julien 6 months ago

  • Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
#31

Updated by Jason Ish 6 months ago

  • Related to Feature #2755: vendor id / vid keyword to give rulesets unique sid ranges added
#32

Updated by Jason Ish 6 months ago

  • Related to Bug #2190: apparent 1000 character limit in threshold.conf IP lists added
#33

Updated by Jason Ish 6 months ago

  • Related to Feature #3887: yaml: Increase maximum size for address vars added
#34

Updated by Victor Julien 6 months ago

  • Related to Feature #1096: tls: client certificate handling added
#35

Updated by Victor Julien 6 months ago

  • Related to Feature #4162: rules: entropy transform keyword added
#36

Updated by Victor Julien 6 months ago

#37

Updated by Victor Julien 6 months ago

  • Related to Feature #4174: tracking: app_record / pdu inspection support added
#38

Updated by Victor Julien 6 months ago

#39

Updated by Victor Julien 6 months ago

  • Related to Feature #273: IRC protocol detection support added
#40

Updated by Victor Julien 6 months ago

  • Related to Feature #776: rules: Add smtp_envelope and smtp_header keywords added
#41

Updated by Jason Ish 6 months ago

  • Related to Feature #120: Capture full session on alert added

Also available in: Atom PDF