Support #4694

closed

Is it possible for Suricata to detect an HTTP request when the HTTP traffic is not finished?

Added by Jiacheng Zhong over 2 years ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Affected Versions:
Label:

Description

I'm writing an Express server to show whether the current HTTP request will cause Suricata to issue an alert. The whole process is in real time.

The process is:

HTTP-malicious-request -> express -> read alert from eve.json -> send to client

But Suricata has no alert when the HTTP-malicious-request arrives at the Express server, until the HTTP traffic is finished or the server responds to the client.
Is there some method available? Thanks :)
