Feature #5681
open
- Related to Task #5488: Suricon 2022 brainstorm added
- Related to Feature #5639: Allow dataset to match on extracted domain added
some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead to typical content based rules.
using dns.query as an exampleO:
dns.query; dotprefix; content:".google.com"; endswith;
directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker i'd be fine without having that feature implemented.
- Related to Task #6443: Suricon 2023 brainstorm added
- Related to Feature #6802: Support Domain rollup using existing dataset library added
Also available in: Atom
PDF