⚲

Project

General

Profile

Home
Projects
Help

Search:

Suricata

All Projects

Suricata

Overview
Activity
Roadmap
Issues
Wiki
Files

Custom queries

8.0.0 Stories
Good First Issues
OISF community

Actions

Copy link

Task #4772

open

tracking: parity between fields logged and fields available for detection

Added by Victor Julien over 3 years ago. Updated 3 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

Victor Julien

Target version:

TBD

Effort:

Difficulty:

Label:

Subtasks 7 (4 open — 3 closed)

Feature #4153: app-layer: rust derive style macros to generate common code	Assigned	Jason Ish	Actions
Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro	Closed	Jason Ish	Actions
Feature #5642: DNS: parity between log fields and detection	Assigned	Jason Ish	Actions
Feature #6621: dns: add keyword for dns rcode: dns.rcode	Closed	Hadiqa Alamdar Bukhari	Actions
Feature #6666: dns: add keyword for dns rrtype: dns.rrtype	Closed	Hadiqa Alamdar Bukhari	Actions
Task #6476: ftp: parity of logging and detection buffers	In Progress	Jeff Lucovsky	Actions
Story #6597: rules: improve rules keyword/output parity	New	Victor Julien	Actions

Related issues 9 (7 open — 2 closed)

Related to Suricata - Task #4762: Suricon 2021 brainstorm	Assigned	Victor Julien	Actions
Related to Suricata - Feature #4174: tracking: app-layer frame inspection support	In Progress	Victor Julien	Actions
Related to Suricata - Feature #6164: rules: allow matching on flow pkts and bytes	Closed	Philippe Antoine	Actions
Related to Suricata - Feature #5234: tls: subjectAltName buffer	Closed	Shivani Bhardwaj	Actions
Related to Suricata - Task #6443: Suricon 2023 brainstorm	Assigned	Victor Julien	Actions
Related to Suricata - Task #6473: detect: smtp keyword coverage	Assigned	Victor Julien	Actions
Related to Suricata - Feature #4876: Additional FTP Buffers	New	Jeff Lucovsky	Actions
Related to Suricata - Task #6463: eve/output: investigate how to track coverage / parity	In Progress	Jason Ish	Actions
Related to Suricata - Feature #7100: smb: additional keywords	New	OISF Dev	Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien over 3 years ago

Related to Feature #2021: doc: sha256 filesum extraction missing in documentation added

Actions

Copy link

Updated by Victor Julien over 3 years ago

Related to deleted (Feature #2021: doc: sha256 filesum extraction missing in documentation)

Actions

Copy link

Updated by Victor Julien over 3 years ago

Related to Task #4762: Suricon 2021 brainstorm added

Actions

Copy link

Updated by Victor Julien about 3 years ago

Related to Feature #4174: tracking: app-layer frame inspection support added

Actions

Copy link

Updated by Jason Ish over 2 years ago

Related to Feature #5642: DNS: parity between log fields and detection added

Actions

Copy link

Updated by Philippe Antoine over 2 years ago

My next thing here is to look into the schema.json for integers where there are no signature keywords, starting by the flow.nbpackets or such (as I did flow.age last)

Actions

Copy link