Task #6443
Parent task: Task #4763 (open): tracking: Suricon brainstorms
Suricon 2023 brainstorm
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #1199: protocol: LDAP support added
PA Updated by Philippe Antoine over 2 years ago
- Related to Task #5682: tracking: smb performance issues added
PA Updated by Philippe Antoine over 2 years ago
- Related to Optimization #5679: tracking: useful log output added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5665: rules: bidirectional transaction matching added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5664: "Scope" bits should have an expiration added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #2772: Add MPLS labels to alert output added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5675: protocol: MMS SCADA support added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5642: DNS: parity between log fields and detection added
PA Updated by Philippe Antoine over 2 years ago
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
PA Updated by Philippe Antoine over 2 years ago
HTTP/3: no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
PA Updated by Philippe Antoine over 2 years ago
Philippe Antoine wrote in #note-11:
HTTP/3: no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Frames support can be an alternative to a new keyword
PA Updated by Philippe Antoine over 2 years ago
file.data does not work for the SMTP body; the SMTP body should be treated as a file
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5773: doh: support DNS over HTTPS (DoH) added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Task #4143: tracking: file.data improvements added
PA Updated by Philippe Antoine over 2 years ago
FTP file.name has a perf impact?
PA Updated by Philippe Antoine over 2 years ago
Clarify the doc between ftp and ftp-data abilities
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Subtask #6452 added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6206: Investigate a more intuitive use of the timestamp field in traffic/metadata events added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Subtask deleted (#6452)
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword added
PA Updated by Philippe Antoine over 2 years ago
- Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
PA Updated by Philippe Antoine over 2 years ago
Domain names can be in DNS names, HTTP host or TLS sni, based on the networks that do not have all these kinds of traffic
PA Updated by Philippe Antoine over 2 years ago
Add client certificates information in output
Already done in suricata 7
PA Updated by Philippe Antoine over 2 years ago
- Related to Task #2167: tracking: eve enhancements added
PA Updated by Philippe Antoine over 2 years ago
fileinfo event could have the name of the file being stored on disk
PA Updated by Philippe Antoine over 2 years ago
Have a version field for each event?
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule added
VJ Updated by Victor Julien over 2 years ago
- Related to Feature #6453: Support DNS over TLS added
VJ Updated by Victor Julien over 2 years ago
- Related to Feature #4853: eve: Add information about Suricata version added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6296: smtp: BDAT chunking support incl MIME parsing added
JI Updated by Jason Ish over 2 years ago
- Related to Task #4380: tracking: improvements to bits, ints, vars added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6456: output: binary logging added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6457: eve: configurable list of fields in output added
VJ Updated by Victor Julien over 2 years ago
- Related to Documentation #6071: eve/schema: add descriptions to the schema added
JI Updated by Jason Ish over 2 years ago
- Related to Task #3299: tracking: Add support for industrial protocol added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6464: protocol: profibus added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #5838: dpdk: NIC encapsulation stripping added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6465: multi-tenant: support vxlan as a selector added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6466: multi-tenant: support mpls as a selector added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6467: flow tracking: add other parameters to flow tracking added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6472: HTTP/3 support added
VJ Updated by Victor Julien over 2 years ago
- Related to Task #6473: detect: smtp keyword coverage added
JI Updated by Jason Ish over 2 years ago
- Related to Task #6476: ftp: parity of logging and detection buffers added
VJ Updated by Victor Julien over 2 years ago
- Related to Feature #6198: smtp: add keywords for use in rules added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #4876: Additional FTP Buffers added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #3260: SMTP Base64 Decoding of Message Body added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added
PA Updated by Philippe Antoine over 2 years ago
- Related to Documentation #6478: schema: add missing fields added
VJ Updated by Victor Julien over 2 years ago
- Related to Feature #5489: research: multi version rules; or version dependent rules added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6290: http: support case insensitive testing of header name existence added
PA Updated by Philippe Antoine over 2 years ago
detecting bad capture
unidirectional, encapsulation, duplicate packets...
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Feature #5816: stats: exception policy counters added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6482: Deployment: detect if capture is good enough added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Feature #5681: datasets: add more transform layers to match on domains added
PA Updated by Philippe Antoine over 2 years ago
It would be great to find a way to reduce the impact of inspection on throughput performance, i.e. let's say throughput is 5 gig on a box but once Suricata is enabled it drops to a bit over 1 gig.
PA Updated by Philippe Antoine over 2 years ago
doc/release: include a delta of changes to suricata.yaml
@Jason Ish just said he will create a ticket for this
PA Updated by Philippe Antoine over 2 years ago
performance: Where do the packets get dropped?
PA Updated by Philippe Antoine over 2 years ago
- Related to Task #5666: rules: help to visualize how a Suricata rule matches (different contents/offsets) added
VJ Updated by Victor Julien over 2 years ago
- Related to Feature #5206: Buffer Dump Utility added
PA Updated by Philippe Antoine over 2 years ago
Discussion about LUA vendoring...
PA Updated by Philippe Antoine over 2 years ago
Being able to ship JA4+ as a plugin
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #2695: websocket support added
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #4776: lua: vendor latest lua stable added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #4775: lua: overhaul lua support added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #4777: lua: implement sandboxing added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Documentation #6484: userguide: add keyword performance results added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Task #6485: [investigate] Scoring method for keywords and transforms added
PA Updated by Philippe Antoine over 2 years ago
- Related to Bug #6394: Sudden increase in capture.kernel_drops and tcp.pkt_on_wrong_thread after upgrading to 6.0.14 added
JF Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Documentation #6486: userguide: explain pkt_on_wrong_thread counter added
PA Updated by Philippe Antoine over 2 years ago
- Related to Bug #5220: detect/base64_data: fast_pattern shouldn't be allowed added
JI Updated by Jason Ish over 2 years ago
- Related to Feature #6487: detect/transform: from_base64 added