Feature #5082
closed
smb: keyword for matching the SMB files
Description
It would be nice to have a keyword that allows matching the filenames that are being accessed/created through SMB create requests.
Updated by Philippe Antoine almost 3 years ago
- Status changed from New to In Review
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Updated by Jason Ish over 1 year ago
- Status changed from In Review to New
- Assignee changed from Eloy Pérez to Community Ticket
Changing status to new as the pull request has gone stale: https://github.com/OISF/suricata/pull/7337
Updated by Jason Taylor over 1 year ago
- Assignee changed from Community Ticket to Jason Taylor
Updated by Jason Taylor 10 months ago
Looking at this ticket again and the functionality, it seems like the desired functionality is available from the file.name keyword today. I tested the suricata-verify tests that were created along with the pull request and those pcaps fire the expected alerts using file.name.
What are the thoughts around continuing this work?