Task #6443
open
Task #4763: tracking: Suricon brainstorms
Suricon 2023 brainstorm
Added by Victor Julien about 1 year ago. Updated about 1 year ago.
Updated by Philippe Antoine about 1 year ago
- Related to Feature #1199: protocol: LDAP support added
Updated by Philippe Antoine about 1 year ago
- Related to Task #5682: tracking: smb performance issues added
Updated by Philippe Antoine about 1 year ago
- Related to Optimization #5679: tracking: useful log output added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5665: rules: bidirectional transaction matching added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5664: "Scope" bits should have an expiration added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #2772: Add MPLS labels to alert output added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5675: protocol: MMS SCADA support added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5642: DNS: parity between log fields and detection added
Updated by Philippe Antoine about 1 year ago
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Updated by Philippe Antoine about 1 year ago
HTTP/3: no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Updated by Philippe Antoine about 1 year ago
Philippe Antoine wrote in #note-11:
HTTP/3: no feedback from decryptors
More SMTP and FTP keywords and detection
- smtp.subject
Frames support can be an alternative to a new keyword
Updated by Philippe Antoine about 1 year ago
file.data does not work for the SMTP body; the SMTP body should be treated as a file
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5773: Support DNS over HTTPS (DoH) added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Task #4143: tracking: file.data improvements added
Updated by Philippe Antoine about 1 year ago
Clarify the doc between ftp and ftp-data abilities
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6206: Investigate a more intuitive use of the timestamp field in traffic/metadata events added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword added
Updated by Philippe Antoine about 1 year ago
- Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
Updated by Philippe Antoine about 1 year ago
Domain name can be in DNS names, HTTP host or TLS SNI, depending on which of these kinds of traffic a network actually carries
Updated by Philippe Antoine about 1 year ago
Add client certificates information in output
Already done in suricata 7
Updated by Philippe Antoine about 1 year ago
- Related to Task #2167: tracking: eve enhancements added
Updated by Philippe Antoine about 1 year ago
fileinfo event could have the name of the file being stored on disk
Updated by Philippe Antoine about 1 year ago
Have a version field for each event?
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule added
Updated by Victor Julien about 1 year ago
- Related to Feature #6453: Support DNS over TLS added
Updated by Victor Julien about 1 year ago
- Related to Feature #4853: eve: Add information about Suricata version added
Updated by Jason Ish about 1 year ago
- Related to Feature #6296: smtp: BDAT chunking support incl MIME parsing added
Updated by Jason Ish about 1 year ago
- Related to Task #4380: tracking: improvements to bits, ints, vars added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6456: output: binary logging added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6457: eve: configurable list of fields in output added
Updated by Victor Julien about 1 year ago
- Related to Documentation #6071: eve/schema: add descriptions to the schema added
Updated by Jason Ish about 1 year ago
- Related to Task #3299: tracking: Add support for industrial protocol added
Updated by Jason Ish about 1 year ago
- Related to Feature #6464: protocol: profibus added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #5838: dpdk: NIC encapsulation stripping added
Updated by Jason Ish about 1 year ago
- Related to Feature #6465: multi-tenant: support vxlan as a selector added
Updated by Jason Ish about 1 year ago
- Related to Feature #6466: multi-tenant: support mpls as a selector added
Updated by Jason Ish about 1 year ago
- Related to Feature #6467: flow tracking: add other parameters to flow tracking added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6472: HTTP/3 support added
Updated by Victor Julien about 1 year ago
- Related to Task #6473: detect: smtp keyword coverage added
Updated by Jason Ish about 1 year ago
- Related to Task #6476: ftp: parity of logging and detection buffers added
Updated by Victor Julien about 1 year ago
- Related to Feature #6198: Feature Request: Add "SMTP" keywords for use in rules added
Updated by Jason Ish about 1 year ago
- Related to Feature #4876: Additional FTP Buffers added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #3260: SMTP Base64 Decoding of Message Body added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #3261: SMTP quoted-printable Decoding of Message Body added
Updated by Philippe Antoine about 1 year ago
- Related to Documentation #6478: schema: add missing fields added
Updated by Victor Julien about 1 year ago
- Related to Feature #5489: research: multi version rules; or version dependent rules added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6290: support case insensitive testing of HTTP header name existence added
Updated by Philippe Antoine about 1 year ago
detecting bad capture
unidirectional, encapsulation, duplicate packets...
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Feature #5816: Exception policy stats counters added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #6482: Deployment: detect if capture is good enough added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Feature #5681: datasets: add more transform layers to match on domains added
Updated by Philippe Antoine about 1 year ago
it would be great to find a way to reduce the impact of inspection on throughput performance, i.e. let's say throughput is 5 gig on a box but once Suricata is enabled it drops to a bit over 1 gig.
Updated by Philippe Antoine about 1 year ago
doc/release: include a delta of changes to suricata.yaml
@Jason Ish just said he will create a ticket for this
Updated by Philippe Antoine about 1 year ago
performance: Where do the packets get dropped?
Updated by Philippe Antoine about 1 year ago
- Related to Task #5666: rules: help to visualize how a Suricata rule matches (different contents/offsets) added
Updated by Victor Julien about 1 year ago
- Related to Feature #5206: Buffer Dump Utility added
Updated by Philippe Antoine about 1 year ago
Being able to ship JA4+ as a plugin
Updated by Philippe Antoine about 1 year ago
- Related to Feature #2695: websocket support added
Updated by Philippe Antoine about 1 year ago
- Related to Feature #4776: lua: vendor latest lua stable added
Updated by Jason Ish about 1 year ago
- Related to Feature #4775: lua: overhaul lua support added
Updated by Jason Ish about 1 year ago
- Related to Feature #4777: lua: implement sandboxing added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Documentation #6484: userguide: add keyword performance results added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Task #6485: [investigate] Scoring method for keywords and transforms added
Updated by Philippe Antoine about 1 year ago
- Related to Bug #6394: Sudden increase in capture.kernel_drops and tcp.pkt_on_wrong_thread after upgrading to 6.0.14 added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Documentation #6486: userguide: explain pkt_on_wrong_thread counter added
Updated by Philippe Antoine about 1 year ago
- Related to Bug #5220: fast_pattern specification in base64_data shouldn't be allowed added
Updated by Jason Ish about 1 year ago
- Related to Feature #6487: transform: from_base64 added