Task #4097

open

Suricon 2020 brainstorm

Added by Victor Julien 11 months ago.

Status: New
Priority: Normal
Assignee:
Target version: -
Effort:
Difficulty:
Label:

Description

Tracking ticket for the virtual brainstorm in November 2020.


Related issues

Related to Task #3307: Research: evaluate future of lua support in Suricata (Status: New; Assignee: OISF Dev)
Related to Task #3329: Research: WASM as a Lua alternative and for dynamically loadable modules (Status: Assigned; Assignee: Jason Ish)
Related to Task #2693: tracking: libsuricata (Status: Assigned; Assignee: Jason Ish)
Related to Feature #4099: allow rule keyword registration from app-layer (Status: Assigned; Assignee: Victor Julien)
Related to Task #4101: tracking: plugins (Status: New; Assignee: Jason Ish)
Related to Feature #3954: Optimize handling of encapsulation in cloud deployment (Status: New)
Related to Feature #3306: Support AF_XDP capture method (Status: Assigned; Assignee: Eric Leblond)
Related to Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc) (Status: Closed; Assignee: Jeff Lucovsky)
Related to Feature #1199: LDAP support (Status: In Progress; Assignee: Pierre Chifflier)
Related to Bug #2224: Negated http_* match returns false if buffer not populated (Status: New; Assignee: OISF Dev)
Related to Bug #4138: A stable flow ID for dump/restore of state as well as state synchronization (Status: New)
Related to Feature #2448: Add additional buffers for DNS Responses (Status: New; Assignee: OISF Dev)
Related to Feature #4140: IEC104 Protocol Support (Status: Assigned; Assignee: Stian Bergseth)
Related to Optimization #4141: file.data: inspect File objects for HTTP (Status: Assigned; Assignee: Jeff Lucovsky)
Related to Task #4143: tracking: file.data improvements (Status: Assigned; Assignee: Jeff Lucovsky)
Related to Feature #2487: Buffers for field/value pairs in http_uri and http_client_body (Status: New; Assignee: OISF Dev)
Related to Feature #2488: HTML Parsing / Buffers (Status: New; Assignee: OISF Dev)
Related to Feature #3494: rules: Keyword for determining if the http_host is an ip address (Status: New)
Related to Feature #3285: rules: XOR keyword (Status: In Progress; Assignee: Simon Dugas)
Related to Feature #3260: SMTP Base64 Decoding of Message Body (Status: New; Assignee: OISF Dev)
Related to Feature #3261: SMTP quoted-printable Decoding of Message Body (Status: New; Assignee: OISF Dev)
Related to Feature #2486: prefilter/fast_pattern logic for flowbits (Status: Assigned; Assignee: Victor Julien)
Related to Feature #4089: rules: Flexible format transform (Status: Assigned; Assignee: Jeff Lucovsky)
Related to Task #4146: Research: Hand off packet streams on alerts (Status: New; Assignee: Community Ticket)
Related to Feature #4147: Map rules to MITRE ATT&CK (Status: Feedback; Assignee: Community Ticket)
Related to Feature #4148: Research: SSH Support for additional protocol analysis (Status: New; Assignee: Community Ticket)
Related to Feature #4149: Research: Dynamic datasets (Status: Feedback; Assignee: Community Ticket)
Related to Feature #4150: Profiling mode: Ticks used to generate an alert available? (Status: New; Assignee: Community Ticket)
Related to Task #4151: Research: New protocol support (Status: New; Assignee: Community Ticket)
Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools (Status: Assigned; Assignee: Victor Julien)
Related to Feature #2755: vendor id / vid keyword to give rulesets unique sid ranges (Status: New; Assignee: OISF Dev)
Related to Bug #2190: apparent 1000 character limit in threshold.conf IP lists (Status: Closed; Assignee: Jeff Lucovsky)
Related to Feature #3887: yaml: Increase maximum size for address vars (Status: Closed; Assignee: Jeff Lucovsky)
Related to Feature #1096: tls: client certificate handling (Status: Assigned; Assignee: Community Ticket)
Related to Feature #4162: rules: entropy transform keyword (Status: New)
Related to Task #4165: rust: nom 7 (Status: In Progress)
Related to Feature #4174: tracking: app_record / pdu inspection support (Status: Assigned; Assignee: Victor Julien)
Related to Feature #4175: dcerpc: higher level logging (Status: New; Assignee: Community Ticket)
Related to Feature #273: IRC protocol detection support (Status: New; Assignee: Community Ticket)
Related to Feature #776: rules: Add smtp_envelope and smtp_header keywords (Status: New; Assignee: Community Ticket)
Related to Feature #120: Capture full session on alert (Status: In Review; Assignee: Scott Jordan)

History
#1 Updated by Victor Julien 11 months ago

  • Related to Task #3307: Research: evaluate future of lua support in Suricata added

#2 Updated by Victor Julien 11 months ago

  • Related to Task #3329: Research: WASM as a Lua alternative and for dynamically loadable modules added

#3 Updated by Victor Julien 11 months ago

  • Related to Task #2693: tracking: libsuricata added

#4 Updated by Victor Julien 11 months ago

  • Related to Feature #4099: allow rule keyword registration from app-layer added

#5 Updated by Jason Ish 11 months ago

#6 Updated by Victor Julien 11 months ago

  • Related to Feature #3954: Optimize handling of encapsulation in cloud deployment added

#7 Updated by Victor Julien 10 months ago

#8 Updated by Jason Ish 10 months ago

  • Related to Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc) added

#9 Updated by Jason Ish 10 months ago

#10 Updated by Jason Ish 10 months ago

  • Related to Bug #2224: Negated http_* match returns false if buffer not populated added

#11 Updated by Jason Ish 10 months ago

  • Related to Bug #4138: A stable flow ID for dump/restore of state as well as state synchronization added

#12 Updated by Jason Ish 10 months ago

  • Related to Feature #2448: Add additional buffers for DNS Responses added

#13 Updated by Jason Ish 10 months ago

#14 Updated by Victor Julien 10 months ago

#15 Updated by Victor Julien 10 months ago

  • Related to Task #4143: tracking: file.data improvements added

#16 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #2487: Buffers for field/value pairs in http_uri and http_client_body added

#17 Updated by Jeff Lucovsky 10 months ago

#18 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #3494: rules: Keyword for determining if the http_host is an ip address added

#19 Updated by Jeff Lucovsky 10 months ago

#20 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #3260: SMTP Base64 Decoding of Message Body added

#21 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added

#22 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #2486: prefilter/fast_pattern logic for flowbits added

#23 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #4089: rules: Flexible format transform added

#24 Updated by Jeff Lucovsky 10 months ago

  • Related to Task #4146: Research: Hand off packet streams on alerts added

#25 Updated by Jeff Lucovsky 10 months ago

#26 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #4148: Research: SSH Support for additional protocol analysis added

#27 Updated by Jeff Lucovsky 10 months ago

#28 Updated by Jeff Lucovsky 10 months ago

  • Related to Feature #4150: Profiling mode: Ticks used to generate an alert available? added

#29 Updated by Jeff Lucovsky 10 months ago

  • Related to Task #4151: Research: New protocol support added

#30 Updated by Victor Julien 10 months ago

  • Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added

#31 Updated by Jason Ish 10 months ago

  • Related to Feature #2755: vendor id / vid keyword to give rulesets unique sid ranges added

#32 Updated by Jason Ish 10 months ago

  • Related to Bug #2190: apparent 1000 character limit in threshold.conf IP lists added

#33 Updated by Jason Ish 10 months ago

  • Related to Feature #3887: yaml: Increase maximum size for address vars added

#34 Updated by Victor Julien 10 months ago

  • Related to Feature #1096: tls: client certificate handling added

#35 Updated by Victor Julien 10 months ago

  • Related to Feature #4162: rules: entropy transform keyword added

#36 Updated by Victor Julien 10 months ago

#37 Updated by Victor Julien 10 months ago

  • Related to Feature #4174: tracking: app_record / pdu inspection support added

#38 Updated by Victor Julien 10 months ago

#39 Updated by Victor Julien 10 months ago

  • Related to Feature #273: IRC protocol detection support added

#40 Updated by Victor Julien 10 months ago

  • Related to Feature #776: rules: Add smtp_envelope and smtp_header keywords added

#41 Updated by Jason Ish 10 months ago

  • Related to Feature #120: Capture full session on alert added