Project

General

Profile

Actions
Copy link

Feature #5681

open

datasets: add more transform layers to match on domains

Added by Juliana Fajardini Reichow about 1 year ago. Updated 26 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Related issues 3 (3 open0 closed)

Related to Suricata - Task #5488: Suricon 2022 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #5639: Allow dataset to match on extracted domainIn ReviewEric LeblondActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow about 1 year ago

  • Related to Task #5488: Suricon 2022 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien about 1 year ago

  • Related to Feature #5639: Allow dataset to match on extracted domain added
Actions
Copy link
 #3

Updated by Brandon Murphy 26 days ago

some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead to typical content based rules.

using dns.query as an exampleO:

dns.query; dotprefix; content:".google.com"; endswith;

directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker i'd be fine without having that feature implemented.

Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 24 days ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link

Also available in: Atom PDF