Actions
Task #5181
opendetect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature
Effort:
Difficulty:
Label:
Description
With the addition of frame support, the rule analyzer could now also check for rules with patterns like:
- For SMB traffic: check for content "|FF|" or "|FE|" (especially with "startswith")
- For TLS traffic: check for contents "|16 03 03|" (especially with "startswith")
- ... similar patterns for other protocols
And issue warnings that those can be converted to the new frame semantics.
This task must wait on the definition of the frame keyword/semantics syntax.
Updated by Juliana Fajardini Reichow almost 3 years ago
- Related to Task #5050: rules/frames: settle on rule syntax added
Updated by Juliana Fajardini Reichow about 2 years ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 12 months ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions