Task #5645

open

tracking: elephant flow detection

Added by Victor Julien about 2 years ago. Updated 3 months ago.

Status: New
Priority: High
Assignee:
Target version:
Effort:
Difficulty:
Label:

Subtasks 6 (5 open, 1 closed)

Feature #5646: rules: allow matching on flow pkts and bytes in either direction | In Review | Shivani Bhardwaj
Feature #5647: rules: mark flow as elephant flow | In Review | Shivani Bhardwaj
Feature #5648: flowworker: heuristic to see how busy a thread is with elephant flows | New | OISF Dev
Feature #5649: eve.flow: add thread id(s) processing a flow to the record | New | OISF Dev
Feature #5650: unix socket: query threads about most recent elephant flows | New | OISF Dev
Feature #6164: rules: allow matching on flow pkts and bytes | Closed | Philippe Antoine

Related issues 1 (1 open, 0 closed)

Related to Suricata - Feature #3271: Add keyword to determine flow based speed/bw | New | OISF Dev
#1

Updated by Victor Julien about 2 years ago

  • Subtask #5646 added
#2

Updated by Victor Julien about 2 years ago

  • Subtask #5647 added
#3

Updated by Victor Julien about 2 years ago

  • Subtask #5648 added
#4

Updated by Victor Julien about 2 years ago

  • Subtask #5649 added
#5

Updated by Victor Julien about 2 years ago

  • Subtask #5650 added
#6

Updated by Victor Julien about 2 years ago

  • Related to Feature #3271: Add keyword to determine flow based speed/bw added
#7

Updated by Shivani Bhardwaj 3 months ago

  • Subtask #6164 added
#8

Updated by Philippe Antoine 3 months ago

Why do we want that feature in Suricata?
Can we not have rules using flow and bypass keywords for the use case I see?
