Task #4772: tracking: parity between fields logged and fields available for detection - Suricata - Open Information Security Foundation

Actions

Copy link

#1

Updated by Victor Julien over 3 years ago

Related to Feature #2021: doc: sha256 filesum extraction missing in documentation added

Actions

Copy link

#2

Updated by Victor Julien over 3 years ago

Related to deleted (Feature #2021: doc: sha256 filesum extraction missing in documentation)

Actions

Copy link

#3

Updated by Victor Julien over 3 years ago

Related to Task #4762: Suricon 2021 brainstorm added

Actions

Copy link

#4

Updated by Victor Julien about 3 years ago

Related to Feature #4174: tracking: app-layer frame inspection support added

Actions

Copy link

#5

Updated by Jason Ish over 2 years ago

Related to Feature #5642: DNS: parity between log fields and detection added

Actions

Copy link

#6

Updated by Philippe Antoine over 2 years ago

My next thing here is to look into the schema.json for integers where there are no signature keywords, starting by the flow.nbpackets or such (as I did flow.age last)

Actions

Copy link

#7

Updated by Philippe Antoine almost 2 years ago

Related to Feature #6164: rules: allow matching on flow pkts and bytes added

Actions

Copy link

#8

Updated by Juliana Fajardini Reichow almost 2 years ago

Related to Feature #5234: tls: subjectAltName buffer added

Actions

Copy link

#9

Updated by Juliana Fajardini Reichow almost 2 years ago

Added #5234 as related as it seems that we parse and log the info, but it's not accessible to the rule language.

Actions

Copy link

#10

Updated by Philippe Antoine over 1 year ago

Related to Task #6443: Suricon 2023 brainstorm added

Actions

Copy link

#11

Updated by Juliana Fajardini Reichow over 1 year ago

Related to Task #6473: detect: smtp keyword coverage added

Actions

Copy link

#12

Updated by Jason Ish over 1 year ago

Subtask #6476 added

Actions

Copy link

#13

Updated by Juliana Fajardini Reichow over 1 year ago

Related to Feature #4876: Additional FTP Buffers added

Actions

Copy link

#14

Updated by Juliana Fajardini Reichow over 1 year ago

Related to Task #6463: eve/output: investigate how to track coverage / parity added

Actions

Copy link

#15

Updated by Juliana Fajardini Reichow over 1 year ago

Related to Story #6597: rules: improve rules keyword/output parity added

Actions

Copy link

#16

Updated by Philippe Antoine about 1 year ago

Target version set to TBD

Actions

Copy link

#17

Updated by Victor Julien about 1 year ago

Target version changed from TBD to 8.0.0-beta1

Actions

Copy link

#18

Updated by Victor Julien about 1 year ago

@Jason Ish has a script to dump all the eve fields. Perhaps we can use it to map it to rule keywords/buffers.

Actions

Copy link

#19

Updated by Victor Julien 12 months ago

Related to Feature #7100: smb: additional keywords added

Actions

Copy link

#20

Updated by Victor Julien 12 months ago

Target version changed from 8.0.0-beta1 to TBD

Actions

Copy link

#21

Updated by Victor Julien 12 months ago

Subtask #6597 added

Actions

Copy link

#22

Updated by Victor Julien 12 months ago

Subtask #5642 added

Actions

Copy link

#23

Updated by Victor Julien 12 months ago

Subtask #4153 added

Feature #4153: app-layer: rust derive style macros to generate common code	Assigned	Jason Ish	Actions
Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro	Closed	Jason Ish	Actions
Feature #5642: DNS: parity between log fields and detection	Assigned	Jason Ish	Actions
Feature #6621: dns: add keyword for dns rcode: dns.rcode	Closed	Hadiqa Alamdar Bukhari	Actions
Feature #6666: dns: add keyword for dns rrtype: dns.rrtype	Closed	Hadiqa Alamdar Bukhari	Actions
Task #6476: ftp: parity of logging and detection buffers	In Progress	Jeff Lucovsky	Actions
Story #6597: rules: improve rules keyword/output parity	New	Victor Julien	Actions

Related to Suricata - Task #4762: Suricon 2021 brainstorm	Assigned	Victor Julien	Actions
Related to Suricata - Feature #4174: tracking: app-layer frame inspection support	In Progress	Victor Julien	Actions
Related to Suricata - Feature #6164: rules: allow matching on flow pkts and bytes	Closed	Philippe Antoine	Actions
Related to Suricata - Feature #5234: tls: subjectAltName buffer	Closed	Shivani Bhardwaj	Actions
Related to Suricata - Task #6443: Suricon 2023 brainstorm	Assigned	Victor Julien	Actions
Related to Suricata - Task #6473: detect: smtp keyword coverage	Assigned	Victor Julien	Actions
Related to Suricata - Feature #4876: Additional FTP Buffers	New	Jeff Lucovsky	Actions
Related to Suricata - Task #6463: eve/output: investigate how to track coverage / parity	In Progress	Jason Ish	Actions
Related to Suricata - Feature #7100: smb: additional keywords	New	OISF Dev	Actions

Project

General

Custom queries

Profile

Suricata

Task #4772

tracking: parity between fields logged and fields available for detection

Updated by Victor Julien over 3 years ago

Updated by Victor Julien over 3 years ago

Updated by Victor Julien over 3 years ago

Updated by Victor Julien about 3 years ago

Updated by Jason Ish over 2 years ago

Updated by Philippe Antoine over 2 years ago

Updated by Philippe Antoine almost 2 years ago

Updated by Juliana Fajardini Reichow almost 2 years ago

Updated by Juliana Fajardini Reichow almost 2 years ago

Updated by Philippe Antoine over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Jason Ish over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Philippe Antoine about 1 year ago

Updated by Victor Julien about 1 year ago

Updated by Victor Julien about 1 year ago

Updated by Victor Julien 12 months ago

Updated by Victor Julien 12 months ago

Updated by Victor Julien 12 months ago

Updated by Victor Julien 12 months ago

Updated by Victor Julien 12 months ago