Project

General

Profile

Actions
Copy link

Feature #5681

open

datasets: add more transform layers to match on domains

Added by Juliana Fajardini Reichow over 1 year ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Related issues 4 (4 open0 closed)

Related to Suricata - Task #5488: Suricon 2022 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #5639: Allow dataset to match on extracted domainIn ReviewEric LeblondActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #6802: Support Domain rollup using existing dataset libraryNewOISF DevActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow over 1 year ago

  • Related to Task #5488: Suricon 2022 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien over 1 year ago

  • Related to Feature #5639: Allow dataset to match on extracted domain added
Actions
Copy link
 #3

Updated by Brandon Murphy 5 months ago

some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead to typical content based rules.

using dns.query as an exampleO:

dns.query; dotprefix; content:".google.com"; endswith;

directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker i'd be fine without having that feature implemented.

Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 5 months ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #5

Updated by Jason Ish 2 days ago

  • Related to Feature #6802: Support Domain rollup using existing dataset library added
Actions
Copy link

Also available in: Atom PDF