Feature #5681
opendatasets: add more transform layers to match on domains
Updated by Juliana Fajardini Reichow about 3 years ago
- Related to Task #5488: Suricon 2022 brainstorm added
Updated by Victor Julien about 3 years ago
- Related to Feature #5639: datasets: allow matching on extracted domain added
Updated by Brandon Murphy about 2 years ago
Some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead of typical content based rules.
Using dns.query as an example:
dns.query; dotprefix; content:".google.com"; endswith;
Directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker I'd be fine without having that feature implemented.
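The rule logic quoted in the comment above, emulated next to a set-based equivalent. This is an added example, not part of the original ticket and not Suricata code: the function names and sample data are constructed, and the suffix-walk lookup is an assumption about how a set of IOC domains could reproduce the same match, not a description of how datasets are implemented.

```python
from typing import FrozenSet, Optional


def dotprefix(buf: str) -> str:
    """Emulate the dotprefix transform: prepend '.' to the buffer."""
    return "." + buf


def rule_match(query: str, content: str = ".google.com") -> bool:
    """Emulate: dns.query; dotprefix; content:".google.com"; endswith;"""
    return dotprefix(query).endswith(content)


def dataset_match(query: str, iocs: FrozenSet[str]) -> Optional[str]:
    """Return the IOC entry covering the query, or None.

    Each suffix of the dot-prefixed query that starts at a '.' is looked up
    exactly in the set, so one entry such as ".google.com" covers the domain
    itself and every subdomain, but not look-alikes such as "notgoogle.com".
    """
    buf = dotprefix(query)
    for i, ch in enumerate(buf):
        if ch == "." and buf[i:] in iocs:
            return buf[i:]
    return None


# Constructed sample data (hypothetical IOC set and DNS queries).
IOCS = frozenset({".google.com", ".bad.example"})
QUERIES = [
    "google.com",            # the domain itself
    "mail.google.com",       # a subdomain
    "notgoogle.com",         # shares a string suffix, different domain
    "google.com.evil.test",  # IOC string present, but not at the end
    "a.b.bad.example",       # deep subdomain of the second entry
]

if __name__ == "__main__":
    for q in QUERIES:
        print(f"{q:22} rule={rule_match(q)!s:5} dataset={dataset_match(q, IOCS)}")
```

The leading dot is what stops "notgoogle.com" from matching: without dotprefix, a plain endswith on "google.com" would accept it.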
Updated by Juliana Fajardini Reichow about 2 years ago
- Related to Task #6443: Suricon 2023 brainstorm added
Updated by Jason Ish over 1 year ago
- Related to Feature #6802: Support Domain rollup using existing dataset library added
Updated by Victor Julien 16 days ago
- Status changed from New to Feedback
- Assignee changed from OISF Dev to Community Ticket
Unsure if there is more to do here with #5639 merged. Any ideas?