Feature #6198
open
smtp: add keywords for use in rules
Description
Suricata has had an app-layer parser / protocol support for SMTP built in for a long time, but no keywords are available for use in rules.
This feature request wants to add SMTP keyword support to Suricata, so that these keywords can be used in rules.
To focus development, this ticket also tries to collect some helpful use cases for such SMTP keywords:
- MAIL FROM: <address> and RCPT TO: <address> compatible to use in datasets, e.g. e-mail blacklist
- HELO / EHLO: <server> -> dataset blacklist
- AUTH to detect multiple login attempts
- Return-Codes
- Other headers (Subject, Content-Type) in the DATA part, ideally with custom header support
Feel free to add further use cases.
Thanks!
Updated by Victor Julien almost 3 years ago
- Related to Feature #776: rules: Add smtp_envelope and smtp_header keywords added
Updated by Victor Julien over 2 years ago
- Related to Task #6473: tracking: detect: smtp keyword coverage added
Updated by Victor Julien over 2 years ago
- Related to Task #6443: Suricon 2023 brainstorm added
Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Story #6597: rules: improve rules keyword/output parity added
Updated by Victor Julien over 1 year ago
- Subject changed from Feature Request: Add "SMTP" keywords for use in rules to smtp: add keywords for use in rules
Updated by Philippe Antoine over 1 year ago
- Related to Feature #6474: detect: smtp body inspection keyword added