Task #6443
Task #4763: tracking: Suricon brainstorms (open)
Suricon 2023 brainstorm
Added by Victor Julien over 2 years ago. Updated over 2 years ago.
Updated by Philippe Antoine over 2 years ago #1
- Related to Feature #1199: protocol: LDAP support added
Updated by Philippe Antoine over 2 years ago #2
- Related to Task #5682: tracking: smb performance issues added
Updated by Philippe Antoine over 2 years ago #3
- Related to Optimization #5679: tracking: useful log output added
Updated by Philippe Antoine over 2 years ago #5
- Related to Feature #5665: rules: bidirectional transaction matching added
Updated by Philippe Antoine over 2 years ago #6
- Related to Feature #5664: "Scope" bits should have an expiration added
Updated by Philippe Antoine over 2 years ago #7
- Related to Feature #2772: Add MPLS labels to alert output added
Updated by Philippe Antoine over 2 years ago #8
- Related to Feature #5675: protocol: MMS SCADA support added
Updated by Philippe Antoine over 2 years ago #9
- Related to Feature #5642: DNS: parity between log fields and detection added
Updated by Philippe Antoine over 2 years ago #10
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Updated by Philippe Antoine over 2 years ago #11
HTTP/3: no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Updated by Philippe Antoine over 2 years ago #12
Philippe Antoine wrote in #note-11:
    HTTP/3: no feedback from decryptors
    More SMTP and FTP keywords and detection
    - smtp.subject
Frames support can be an alternative to a new keyword
Updated by Philippe Antoine over 2 years ago #13
file.data does not work for SMTP body; SMTP body should be treated as a file
Updated by Philippe Antoine over 2 years ago #14
- Related to Feature #5773: doh: support DNS over HTTPS (DoH) added
Updated by Juliana Fajardini Reichow over 2 years ago #15
- Related to Task #4143: tracking: file.data improvements added
Updated by Philippe Antoine over 2 years ago #16
FTP file.name has a perf impact?
Updated by Philippe Antoine over 2 years ago #17
Clarify the doc between ftp and ftp-data abilities
Updated by Juliana Fajardini Reichow over 2 years ago #18
- Subtask #6452 added
Updated by Philippe Antoine over 2 years ago #19
- Related to Feature #6206: Investigate a more intuitive use of the timestamp field in traffic/metadata events added
Updated by Juliana Fajardini Reichow over 2 years ago #20
- Subtask deleted (#6452)
Updated by Juliana Fajardini Reichow over 2 years ago #21
- Related to Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword added
Updated by Philippe Antoine over 2 years ago #22
- Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
Updated by Philippe Antoine over 2 years ago #23
Domain name can be in DNS names, HTTP host or TLS sni, depending on which networks do not have all of these kinds of traffic
Updated by Philippe Antoine over 2 years ago #24
Add client certificates information in output
Already done in suricata 7
Updated by Philippe Antoine over 2 years ago #25
- Related to Task #2167: tracking: eve enhancements added
Updated by Philippe Antoine over 2 years ago #26
fileinfo event could have the name of the file being stored on disk
Updated by Philippe Antoine over 2 years ago #27
Have a version field for each event?
Updated by Philippe Antoine over 2 years ago #28
- Related to Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule added
Updated by Victor Julien over 2 years ago #29
- Related to Feature #6453: Support DNS over TLS added
Updated by Victor Julien over 2 years ago #30
- Related to Feature #4853: eve: Add information about Suricata version added
Updated by Jason Ish over 2 years ago #31
- Related to Feature #6296: smtp: BDAT chunking support incl MIME parsing added
Updated by Jason Ish over 2 years ago #32
- Related to Task #4380: tracking: improvements to bits, ints, vars added
Updated by Philippe Antoine over 2 years ago #33
- Related to Feature #6456: output: binary logging added
Updated by Philippe Antoine over 2 years ago #34
- Related to Feature #6457: eve: configurable list of fields in output added
Updated by Victor Julien over 2 years ago #35
- Related to Documentation #6071: eve/schema: add descriptions to the schema added
Updated by Jason Ish over 2 years ago #36
- Related to Task #3299: tracking: Add support for industrial protocol added
Updated by Jason Ish over 2 years ago #37
- Related to Feature #6464: protocol: profibus added
Updated by Juliana Fajardini Reichow over 2 years ago #38
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
Updated by Philippe Antoine over 2 years ago #39
- Related to Feature #5838: dpdk: NIC encapsulation stripping added
Updated by Jason Ish over 2 years ago #40
- Related to Feature #6465: multi-tenant: support vxlan as a selector added
Updated by Jason Ish over 2 years ago #41
- Related to Feature #6466: multi-tenant: support mpls as a selector added
Updated by Jason Ish over 2 years ago #42
- Related to Feature #6467: flow tracking: add other parameters to flow tracking added
Updated by Philippe Antoine over 2 years ago #43
- Related to Feature #6472: HTTP/3 support added
Updated by Victor Julien over 2 years ago #44
- Related to Task #6473: detect: smtp keyword coverage added
Updated by Jason Ish over 2 years ago #45
- Related to Task #6476: ftp: parity of logging and detection buffers added
Updated by Victor Julien over 2 years ago #46
- Related to Feature #6198: smtp: add keywords for use in rules added
Updated by Jason Ish over 2 years ago #47
- Related to Feature #4876: Additional FTP Buffers added
Updated by Philippe Antoine over 2 years ago #48
- Related to Feature #3260: SMTP Base64 Decoding of Message Body added
Updated by Philippe Antoine over 2 years ago #49
- Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added
Updated by Philippe Antoine over 2 years ago #50
- Related to Documentation #6478: schema: add missing fields added
Updated by Victor Julien over 2 years ago #51
- Related to Feature #5489: research: multi version rules; or version dependent rules added
Updated by Philippe Antoine over 2 years ago #52
- Related to Feature #6290: http: support case insensitive testing of header name existence added
Updated by Philippe Antoine over 2 years ago #53
Detecting bad capture
unidirectional, encapsulation, duplicate packets...
Updated by Juliana Fajardini Reichow over 2 years ago #54
- Related to Feature #5816: stats: exception policy counters added
Updated by Philippe Antoine over 2 years ago #55
- Related to Feature #6482: Deployment: detect if capture is good enough added
Updated by Juliana Fajardini Reichow over 2 years ago #56
- Related to Feature #5681: datasets: add more transform layers to match on domains added
Updated by Philippe Antoine over 2 years ago #57
It would be great to find a way to reduce the impact of inspection on throughput performance, i.e. let's say throughput is 5 gig on a box but once Suricata is enabled it drops to a bit over 1 gig.
Updated by Philippe Antoine over 2 years ago #58
doc/release: include a delta of changes to suricata.yaml
@Jason Ish just said he will create a ticket for this
Updated by Philippe Antoine over 2 years ago #59
performance: Where do the packets get dropped?
Updated by Philippe Antoine over 2 years ago #60
- Related to Task #5666: rules: help to visualize how a Suricata rule matches (different contents/offsets) added
Updated by Victor Julien over 2 years ago #61
- Related to Feature #5206: Buffer Dump Utility added
Updated by Philippe Antoine over 2 years ago #62
Discussion about Lua vendoring...
Updated by Philippe Antoine over 2 years ago #63
Being able to ship JA4+ as a plugin
Updated by Philippe Antoine over 2 years ago #64
- Related to Feature #2695: websocket support added
Updated by Philippe Antoine over 2 years ago #65
- Related to Feature #4776: lua: vendor latest lua stable added
Updated by Jason Ish over 2 years ago #66
- Related to Feature #4775: lua: overhaul lua support added
Updated by Jason Ish over 2 years ago #67
- Related to Feature #4777: lua: implement sandboxing added
Updated by Juliana Fajardini Reichow over 2 years ago #68
- Related to Documentation #6484: userguide: add keyword performance results added
Updated by Juliana Fajardini Reichow over 2 years ago #69
- Related to Task #6485: [investigate] Scoring method for keywords and transforms added
Updated by Philippe Antoine over 2 years ago #70
- Related to Bug #6394: Sudden increase in capture.kernel_drops and tcp.pkt_on_wrong_thread after upgrading to 6.0.14 added
Updated by Juliana Fajardini Reichow over 2 years ago #71
- Related to Documentation #6486: userguide: explain pkt_on_wrong_thread counter added
Updated by Philippe Antoine over 2 years ago #72
- Related to Bug #5220: detect/base64_data: fast_pattern shouldn't be allowed added
Updated by Jason Ish over 2 years ago #73
- Related to Feature #6487: detect/transform: from_base64 added