Project

General

Profile

Actions
Copy link

Task #5893

open

tracking: deep file awareness and inspection

Added by Victor Julien about 1 year ago. Updated about 1 year ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:

Description

It's come up several times that it would be helpful for Suricata to understand file types better for classification and deeper analysis.

Currently Suricata for the most part treats files as binary blobs. The only deeper inspection is through file.magic, which has several issues limiting it's usefulness.

Making Suricata more aware of files and their content and structure will be a significant project.

The goal of this ticket is to track the various ideas that are related to this broad topic.

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #5872: file structure awareness - precise identification of fields in file structsNewCommunity TicketActions
Related to Suricata - Feature #5894: file: file classification keywordFeedbackVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 year ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien about 1 year ago

  • Related to Feature #5872: file structure awareness - precise identification of fields in file structs added
Actions
Copy link
 #3

Updated by Victor Julien about 1 year ago

  • Related to Feature #5894: file: file classification keyword added
Actions
Copy link

Also available in: Atom PDF