Project

General

Profile

Actions
Copy link

Task #5645

open
VJ OD

tracking: elephant flow detection

Task #5645: tracking: elephant flow detection

Added by Victor Julien over 3 years ago. Updated 4 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Subtasks 8 (4 open4 closed)

Feature #5646: rules: allow matching on flow pkts and bytes in either directionClosedShivani BhardwajActions
Feature #5647: rules: mark flow as elephant flowClosedShivani BhardwajActions
Feature #5648: flowworker: heuristic to see how busy a thread is with elephant flowsNewOISF DevActions
Feature #5649: eve.flow: add thread id(s) processing a flow to the recordNewOISF DevActions
Feature #5650: unix socket: query threads about most recent elephant flowsNewOISF DevActions
Feature #6164: rules: allow matching on flow pkts and bytesClosedPhilippe AntoineActions
Feature #7438: detect: add flow.rate keywordAssignedShivani BhardwajActions
Feature #8117: rules: flow.elephant keywordClosedShivani BhardwajActions

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #3271: Add keyword to determine flow based speed/bwNewOISF DevActions

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #1

  • Subtask #5646 added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #2

  • Subtask #5647 added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #3

  • Subtask #5648 added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #4

  • Subtask #5649 added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #5

  • Subtask #5650 added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #6

  • Related to Feature #3271: Add keyword to determine flow based speed/bw added

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
 #7

  • Subtask #6164 added

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #8

Why do we want that feature in Suricata ?
Cannot we have rules using flow and bypass keywords for the use case I see ?

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
 #9

  • Subtask #7438 added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #10

  • Subtask #8117 added
Actions
Copy link

Also available in: PDF Atom