Actions
Feature #5646
closedTask #5645: tracking: elephant flow detection
rules: allow matching on flow pkts and bytes in either direction
Effort:
Difficulty:
Label:
Description
Probably need some logic to express direction, e.g.
flow.pkts:toserver,>,10000; flow.pkts:either,=,10000; flow.bytes:both,>,1G;
Exact syntax TBD.
Updated by Philippe Antoine over 1 year ago
- Related to Feature #6164: rules: allow matching on flow pkts and bytes added
Updated by Philippe Antoine over 1 year ago
@Victor Julien is there more to do here after https://redmine.openinfosecfoundation.org/issues/6164 ?
Maybe the sum of both directions ?
Updated by Victor Julien 11 months ago
Not sure if we need the "both" support. Would that be useful? And I guess an "either" option would make sense as well?
Updated by Philippe Antoine 10 months ago
- Related to Feature #7097: Additions to flow detection - size added
Updated by Shivani Bhardwaj 10 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Target version changed from TBD to 8.0.0-beta1
Updated by Shivani Bhardwaj 8 months ago
- Subject changed from rules: allow matching on flow pkts and bytes to rules: allow matching on flow pkts and bytes in either direction
Updated by Shivani Bhardwaj 8 months ago ยท Edited
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/12365
Updated by Shivani Bhardwaj 4 months ago
- Status changed from In Review to Closed
Actions