Feature #6807: Support the use of variables within transforms - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6807

open

Support the use of variables within transforms

Added by Jeff Lucovsky 2 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Support the use of variables within transforms, e.g,

alert http any any -> any any (msg:"byte extract test 1";  byte_extract:2,15,two1,string,dec; http.uri; content:"dGhpc2lzYXRlc3QK"; from_base64: offset two1; sid:1; rev:1;)

With this rule (and variable support from the from_base64 transform), the transform was never invoked following the call to DetectByteExtractDoMatch during content inspection.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Jeff Lucovsky about 2 months ago

Follows Feature #6487: transform: from_base64 added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #6807

Support the use of variables within transforms

Updated by Jeff Lucovsky about 2 months ago