Task #5050

open

Feature #4174: tracking: app-layer frame inspection support

rules/frames: settle on rule syntax

Added by Victor Julien almost 3 years ago. Updated about 2 years ago.

Status: Assigned
Priority: Normal

Description

Currently frames are accessed through a frames keyword. We could also allow using the frame names directly in rules, like alert sip ... (request_line; content:"REGISTER"; ...). This needs more thought about how it ties in to other rule syntax.

See also https://github.com/OISF/suricata/pull/6915/commits/ae71c5813fd77d22a5e03b71b1012d670b13b698


Related issues 2 (2 open, 0 closed)

Related to Suricata - Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature (Status: New, Assignee: OISF Dev)
Related to Suricata - Documentation #4705: userguide: add sections about frame support (Status: New, Assignee: Victor Julien)

#1

Updated by Juliana Fajardini Reichow over 2 years ago

  • Related to Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature added

#2

Updated by Juliana Fajardini Reichow over 2 years ago

#3

Updated by Victor Julien about 2 years ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1