Feature #7097

closed

Additions to flow detection - size

Added by Peter Manev 6 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It will be good for detection if we can have a way of highlighting

It would be nice to be able to alert on big SSH/RDP/TLS etc. flows regardless of what the stream depth is set to be.
Of course this can be done in a SIEM search via the Suricata event_type flow logs, but a possibility to generate an alert goes a long way in giving flexibility to the blue team/defenders.
This can be useful in many ways, especially in housekeeping / policy violation types of scenarios, but also exfiltration detection and others.
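
The SIEM-side workaround the description refers to, as an added example that is not part of the original issue or of Suricata itself: a small script that reads eve.json lines, keeps only event_type "flow" records, and flags flows whose application protocol is SSH, RDP or TLS and whose total byte count exceeds a per-protocol threshold. The flow record's bytes_toserver/bytes_toclient counters cover every packet of the flow, which is why this works independently of stream.reassembly.depth. The threshold values, the sample records and the helper names are assumptions chosen for illustration.

```python
import json
from typing import Dict, Iterable, List, Optional

# Per-application-protocol byte thresholds (assumed values; tune per site).
# app_proto values are the names Suricata writes into the flow record.
DEFAULT_THRESHOLDS: Dict[str, int] = {
    "ssh": 50_000_000,    # 50 MB over SSH is unusual for interactive use
    "rdp": 200_000_000,   # 200 MB over RDP
    "tls": 500_000_000,   # 500 MB over a single TLS session
}

# Constructed sample eve.json lines (not real traffic): two flows that should
# fire, one TLS flow under threshold, an HTTP flow with no threshold, a
# non-flow event and a malformed line that must be skipped.
SAMPLE_EVE_LINES: List[str] = [
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10",
                "dest_port": 22, "proto": "TCP", "app_proto": "ssh",
                "flow": {"pkts_toserver": 41000, "pkts_toclient": 9000,
                         "bytes_toserver": 58_000_000, "bytes_toclient": 600_000,
                         "state": "closed"}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.7", "dest_ip": "198.51.100.4",
                "dest_port": 443, "proto": "TCP", "app_proto": "tls",
                "flow": {"pkts_toserver": 3000, "pkts_toclient": 15000,
                         "bytes_toserver": 3_000_000, "bytes_toclient": 20_000_000,
                         "state": "closed"}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.9", "dest_ip": "192.0.2.20",
                "dest_port": 3389, "proto": "TCP", "app_proto": "rdp",
                "flow": {"pkts_toserver": 12000, "pkts_toclient": 180000,
                         "bytes_toserver": 1_500_000, "bytes_toclient": 250_000_000,
                         "state": "closed"}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.3", "dest_ip": "192.0.2.30",
                "dest_port": 80, "proto": "TCP", "app_proto": "http",
                "flow": {"bytes_toserver": 900_000_000, "bytes_toclient": 10_000}}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10",
                "alert": {"signature": "example"}}),
    "{this line is not valid json",
]


def parse_flow_event(line: str) -> Optional[dict]:
    """Return the parsed record if it is a Suricata flow event, else None."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if event.get("event_type") != "flow":
        return None
    return event


def find_large_flows(eve_lines: Iterable[str],
                     thresholds: Dict[str, int] = DEFAULT_THRESHOLDS) -> List[dict]:
    """Flag flows whose app_proto has a threshold and whose total bytes reach it.

    Direction is reported so that an upload-heavy SSH or TLS flow (a common
    exfiltration shape) can be separated from a large download.
    """
    hits: List[dict] = []
    for line in eve_lines:
        event = parse_flow_event(line)
        if event is None:
            continue
        # Suricata logs "failed" when no app-layer protocol was detected.
        app_proto = event.get("app_proto", "failed")
        limit = thresholds.get(app_proto)
        if limit is None:
            continue
        flow = event.get("flow", {})
        to_server = int(flow.get("bytes_toserver", 0))
        to_client = int(flow.get("bytes_toclient", 0))
        total = to_server + to_client
        if total < limit:
            continue
        hits.append({
            "src_ip": event.get("src_ip"),
            "dest_ip": event.get("dest_ip"),
            "dest_port": event.get("dest_port"),
            "app_proto": app_proto,
            "bytes_toserver": to_server,
            "bytes_toclient": to_client,
            "total_bytes": total,
            "direction": "upload-heavy" if to_server > to_client else "download-heavy",
        })
    return hits


def format_hit(hit: dict) -> str:
    """Render one hit as a single alert-style line for a SIEM or ticket."""
    return (f"LARGE {hit['app_proto'].upper()} FLOW {hit['src_ip']} -> "
            f"{hit['dest_ip']}:{hit['dest_port']} total={hit['total_bytes']} "
            f"toserver={hit['bytes_toserver']} toclient={hit['bytes_toclient']} "
            f"({hit['direction']})")


if __name__ == "__main__":
    for h in find_large_flows(SAMPLE_EVE_LINES):
        print(format_hit(h))
```

Pointing the same function at a real file is a matter of passing `open("/var/log/suricata/eve.json")` instead of the sample list; for a continuously written file a tail-style reader would be used. Note that the check runs when the flow record is emitted, i.e. at flow end or timeout, so it is a retrospective signal rather than the mid-flow alert the issue asks for.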


Related issues (1 open, 0 closed)

Related to Suricata - Feature #5646: rules: allow matching on flow pkts and bytes in either direction (In Review, Shivani Bhardwaj)

#1

Updated by Victor Julien 6 months ago

  • Status changed from New to Feedback

What else do you need than the things already in #6164?

#3

Updated by Philippe Antoine 6 months ago

  • Related to Feature #5646: rules: allow matching on flow pkts and bytes in either direction added
#4

Updated by Philippe Antoine 6 months ago

  • Status changed from Feedback to Closed

Duplicate of #5646 then
