Actions
Feature #5681
open
JF
CT
datasets: add more transform layers to match on domains
Feature #5681:
datasets: add more transform layers to match on domains
Effort:
Difficulty:
Label:
JF Updated by Juliana Fajardini Reichow over 3 years ago
- Related to Task #5488: Suricon 2022 brainstorm added
VJ Updated by Victor Julien over 3 years ago
- Related to Feature #5639: datasets: allow matching on extracted domain added
BM Updated by Brandon Murphy over 2 years ago
some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead to typical content based rules.
using dns.query as an exampleO:
dns.query; dotprefix; content:".google.com"; endswith;
directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker i'd be fine without having that feature implemented.
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Task #6443: Suricon 2023 brainstorm added
JI Updated by Jason Ish almost 2 years ago
- Related to Feature #6802: Support Domain rollup using existing dataset library added
VJ Updated by Victor Julien 5 months ago
- Status changed from New to Feedback
- Assignee changed from OISF Dev to Community Ticket
Unsure if there is more to do here with #5639 merged. Any ideas?
Actions