Project

General

Profile

Actions

Task #4772

open

tracking: parity between fields logged and fields available for detection

Added by Victor Julien over 2 years ago. Updated about 1 month ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Subtasks 1 (1 open0 closed)

Task #6476: ftp: parity of logging and detection buffersNewOISF DevActions

Related issues 10 (9 open1 closed)

Related to Suricata - Task #4762: Suricon 2021 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #4174: tracking: app-layer frame inspection supportIn ProgressVictor JulienActions
Related to Suricata - Feature #5642: DNS: parity between log fields and detectionNewOISF DevActions
Related to Suricata - Feature #6164: detect: new keyword flow.pkts_toclient to server and bytes as wellClosedPhilippe AntoineActions
Related to Suricata - Feature #5234: SSL/TLS Sticky Buffer for subjectAltNameIn ReviewShivani BhardwajActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Task #6473: detect: smtp keyword coverageAssignedVictor JulienActions
Related to Suricata - Feature #4876: Additional FTP BuffersNewOISF DevActions
Related to Suricata - Task #6463: eve/output: investigate how to track coverage / parityNewOISF DevActions
Related to Suricata - Task #6597: rules keyword/output parity: improveIn ProgressHadiqa Alamdar BukhariActions
Actions #1

Updated by Victor Julien over 2 years ago

  • Related to Feature #2021: doc: sha256 filesum extraction missing in documentation added
Actions #2

Updated by Victor Julien over 2 years ago

  • Related to deleted (Feature #2021: doc: sha256 filesum extraction missing in documentation)
Actions #3

Updated by Victor Julien over 2 years ago

  • Related to Task #4762: Suricon 2021 brainstorm added
Actions #4

Updated by Victor Julien about 2 years ago

  • Related to Feature #4174: tracking: app-layer frame inspection support added
Actions #5

Updated by Jason Ish over 1 year ago

  • Related to Feature #5642: DNS: parity between log fields and detection added
Actions #6

Updated by Philippe Antoine over 1 year ago

My next thing here is to look into the schema.json for integers where there are no signature keywords, starting by the flow.nbpackets or such (as I did flow.age last)

Actions #7

Updated by Philippe Antoine 11 months ago

  • Related to Feature #6164: detect: new keyword flow.pkts_toclient to server and bytes as well added
Actions #8

Updated by Juliana Fajardini Reichow 9 months ago

  • Related to Feature #5234: SSL/TLS Sticky Buffer for subjectAltName added
Actions #9

Updated by Juliana Fajardini Reichow 9 months ago

Added #5234 as related as it seems that we parse and log the info, but it's not accessible to the rule language.

Actions #10

Updated by Philippe Antoine 6 months ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions #11

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Task #6473: detect: smtp keyword coverage added
Actions #12

Updated by Jason Ish 6 months ago

  • Subtask #6476 added
Actions #13

Updated by Juliana Fajardini Reichow 6 months ago

Actions #14

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Task #6463: eve/output: investigate how to track coverage / parity added
Actions #15

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Task #6597: rules keyword/output parity: improve added
Actions #16

Updated by Philippe Antoine about 1 month ago

  • Target version set to TBD
Actions #17

Updated by Victor Julien about 1 month ago

  • Target version changed from TBD to 8.0.0-beta1
Actions

Also available in: Atom PDF