Actions
Task #4772
opentracking: parity between fields logged and fields available for detection
Effort:
Difficulty:
Label:
Updated by Victor Julien over 2 years ago
- Related to Feature #2021: doc: sha256 filesum extraction missing in documentation added
Updated by Victor Julien over 2 years ago
- Related to deleted (Feature #2021: doc: sha256 filesum extraction missing in documentation)
Updated by Victor Julien over 2 years ago
- Related to Task #4762: Suricon 2021 brainstorm added
Updated by Victor Julien about 2 years ago
- Related to Feature #4174: tracking: app-layer frame inspection support added
Updated by Jason Ish over 1 year ago
- Related to Feature #5642: DNS: parity between log fields and detection added
Updated by Philippe Antoine over 1 year ago
My next thing here is to look into the schema.json for integers where there are no signature keywords, starting by the flow.nbpackets or such (as I did flow.age last)
Updated by Philippe Antoine 10 months ago
- Related to Feature #6164: detect: new keyword flow.pkts_toclient to server and bytes as well added
Updated by Juliana Fajardini Reichow 8 months ago
- Related to Feature #5234: SSL/TLS Sticky Buffer for subjectAltName added
Updated by Juliana Fajardini Reichow 8 months ago
Added #5234 as related as it seems that we parse and log the info, but it's not accessible to the rule language.
Updated by Philippe Antoine 6 months ago
- Related to Task #6443: Suricon 2023 brainstorm added
Updated by Juliana Fajardini Reichow 6 months ago
- Related to Task #6473: detect: smtp keyword coverage added
Updated by Juliana Fajardini Reichow 6 months ago
- Related to Feature #4876: Additional FTP Buffers added
Updated by Juliana Fajardini Reichow 5 months ago
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
Updated by Juliana Fajardini Reichow 5 months ago
- Related to Task #6597: rules keyword/output parity: improve added
Updated by Victor Julien 14 days ago
- Target version changed from TBD to 8.0.0-beta1
Actions