Feature #5646: rules: allow matching on flow pkts and bytes in either direction - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5646

closed

VJ SB

Task #5645: tracking: elephant flow detection

rules: allow matching on flow pkts and bytes in either direction

Feature #5646: rules: allow matching on flow pkts and bytes in either direction

Added by Victor Julien over 3 years ago. Updated 12 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Probably need some logic to express direction, e.g.

flow.pkts:toserver,>,10000;
flow.pkts:either,=,10000;
flow.bytes:both,>,1G;

Exact syntax TBD.

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #5646

rules: allow matching on flow pkts and bytes in either direction

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#1

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
#3

PM Updated by Peter Manev almost 2 years ago Actions
Copy link
#4

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
#5

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#6

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
#7

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#8

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#9

SB Updated by Shivani Bhardwaj over 1 year ago · Edited Actions
Copy link
#10

SB Updated by Shivani Bhardwaj about 1 year ago Actions
Copy link
#11

VJ Updated by Victor Julien 12 months ago Actions
Copy link
#12

Project

General

Profile

Suricata

Custom queries

Feature #5646

rules: allow matching on flow pkts and bytes in either direction

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #1

PA Updated by Philippe Antoine over 2 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 2 years ago ActionsCopy link #3

PM Updated by Peter Manev almost 2 years ago ActionsCopy link #4

PA Updated by Philippe Antoine almost 2 years ago ActionsCopy link #5

SB Updated by Shivani Bhardwaj over 1 year ago ActionsCopy link #6

VJ Updated by Victor Julien over 1 year ago ActionsCopy link #7

SB Updated by Shivani Bhardwaj over 1 year ago ActionsCopy link #8

SB Updated by Shivani Bhardwaj over 1 year ago ActionsCopy link #9

SB Updated by Shivani Bhardwaj over 1 year ago · Edited ActionsCopy link #10

SB Updated by Shivani Bhardwaj about 1 year ago ActionsCopy link #11

VJ Updated by Victor Julien 12 months ago ActionsCopy link #12

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#1

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
#3

PM Updated by Peter Manev almost 2 years ago Actions
Copy link
#4

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
#5

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#6

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
#7

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#8

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
#9

SB Updated by Shivani Bhardwaj over 1 year ago · Edited Actions
Copy link
#10

SB Updated by Shivani Bhardwaj about 1 year ago Actions
Copy link
#11

VJ Updated by Victor Julien 12 months ago Actions
Copy link
#12