Task #5050

open

Feature #4174: tracking: app-layer frame inspection support

rules/frames: settle on rule syntax

Added by Victor Julien 10 months ago. Updated about 1 month ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Currently frames are accessed through a frames keyword. We could also allow using the frame names directly in rules, like alert sip ... (request_line; content:"REGISTER"; ...). This needs more thought about how it ties in to other rule syntax.

See also https://github.com/OISF/suricata/pull/6915/commits/ae71c5813fd77d22a5e03b71b1012d670b13b698


Related issues 2 (2 open, 0 closed)

Related to Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature (New, Juliana Fajardini Reichow)
Related to Documentation #4705: userguide: add sections about frame support (New, Victor Julien)

#1

Updated by Juliana Fajardini Reichow 9 months ago

  • Related to Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature added
#2

Updated by Juliana Fajardini Reichow 9 months ago

#3

Updated by Victor Julien about 1 month ago

  • Target version changed from 7.0.0-beta1 to 8.0beta1