Actions
Feature #5639
closeddatasets: allow matching on extracted domain
Effort:
Difficulty:
Label:
Description
When matching on tls.sni or http.host, it is convenient to match on the domain name inside the value instead of matching on the full value. If endswith can be used for one domain in one signature using dataset would be more useful.
Updated by Victor Julien about 3 years ago
- Related to Feature #5681: datasets: add more transform layers to match on domains added
Updated by Eric Leblond almost 2 years ago
We stopped the discussion on which crate to use:
- https://crates.io/crates/publicsuffix
- https://crates.io/crates/psl
What should we do here ?
Both crates are from the same author. Psl has a list built at compile time but it is supposed to be faster than publicsuffix. This last one load a file that will need to be provided by suricata or installer if we want the feature to work out of the box.
Updated by Jason Ish over 1 year ago
- Related to Feature #6802: Support Domain rollup using existing dataset library added
Updated by Victor Julien 6 days ago
- Status changed from In Review to Closed
Updated by Victor Julien 6 days ago
- Subject changed from Allow dataset to match on extracted domain to datasets: allow matching on extracted domain
- Target version changed from TBD to 8.0.0-beta1
Actions