Feature #5082
Closed
smb: keyword for matching the SMB files
Description
It would be nice to have a keyword that allows matching the filenames that are being accessed/created through SMB create requests.
Updated by Philippe Antoine over 2 years ago
- Status changed from New to In Review
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Updated by Jason Ish over 1 year ago
- Status changed from In Review to New
- Assignee changed from Eloy Pérez to Community Ticket
Changing status to new as the pull request has gone stale: https://github.com/OISF/suricata/pull/7337
Updated by Jason Taylor about 1 year ago
- Assignee changed from Community Ticket to Jason Taylor
Updated by Jason Taylor 8 months ago
Looking at this ticket again and the functionality, it seems like the desired functionality is available from the file.name keyword today. I tested the suricata-verify tests that were created along with the pull request and those pcaps fire the expected alerts using file.name.
What are the thoughts around continuing this work?