Actions
Feature #5082
closed
EP
JT
smb: keyword for matching the SMB files
Feature #5082:
smb: keyword for matching the SMB files
Effort:
Difficulty:
Label:
Description
It would be nice to have a keyword that allows to match the filenames that are being accessed/created through smb create requests.
PA Updated by Philippe Antoine about 4 years ago
- Status changed from New to In Review
VJ Updated by Victor Julien over 3 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
VJ Updated by Victor Julien about 3 years ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
JI Updated by Jason Ish over 2 years ago
- Status changed from In Review to New
- Assignee changed from Eloy Pérez to Community Ticket
Changing status to new as the pull request has gone stale: https://github.com/OISF/suricata/pull/7337
JT Updated by Jason Taylor over 2 years ago
- Assignee changed from Community Ticket to Jason Taylor
JT Updated by Jason Taylor about 2 years ago
Looking at this ticket again and the functionality, it seems like the desired functionality is available from the file.name keyword today. I tested the suricata-verify tests that were created along with the pull request and those pcaps fire the expected alerts using file.name.
What are the thoughts around continuing this work?
JT Updated by Jason Taylor almost 2 years ago
- Status changed from New to Resolved
JT Updated by Jason Taylor almost 2 years ago
- Status changed from Resolved to Closed
Actions