Actions
Feature #5639
closed
EL
EL
datasets: allow matching on extracted domain
Feature #5639:
datasets: allow matching on extracted domain
Effort:
Difficulty:
Label:
Description
When matching on tls.sni or http.host, it is convenient to match on the domain name inside the value instead of matching on the full value. If endswith can be used for one domain in one signature using dataset would be more useful.
VJ Updated by Victor Julien over 3 years ago
- Related to Feature #5681: datasets: add more transform layers to match on domains added
EL Updated by Eric Leblond about 2 years ago
We stopped the discussion on which crate to use:
- https://crates.io/crates/publicsuffix
- https://crates.io/crates/psl
What should we do here ?
Both crates are from the same author. Psl has a list built at compile time but it is supposed to be faster than publicsuffix. This last one load a file that will need to be provided by suricata or installer if we want the feature to work out of the box.
JI Updated by Jason Ish almost 2 years ago
- Related to Feature #6802: Support Domain rollup using existing dataset library added
VJ Updated by Victor Julien 4 months ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien 4 months ago
- Subject changed from Allow dataset to match on extracted domain to datasets: allow matching on extracted domain
- Target version changed from TBD to 8.0.0-beta1
Actions