Feature #4774: rules: analysis output that shows rules per 'progress' value - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4774

open

rules: analysis output that shows rules per 'progress' value

Added by Victor Julien over 2 years ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

JSON (and/or YAML?) output to show the protocol progress states vs the rules that are evaluated per state. Perhaps also a variant that just shows the engines.

E.g. something like

progress:
  htp_request_line:
    engines:
      - http.method
      - http.uri
    sids:
      - 555
      - 444
  htp_request_headers:
    engines:
      - http.headers
      - http.headers_raw
      - http.start
    sids:
      - 111
      - 222

Goal is to provide more insight into how rules are evaluated / in what order they are executed.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4774

rules: analysis output that shows rules per 'progress' value