Actions
Feature #7097
closedAdditions to flow detection - size
Description
It will be good for detection if we can have a way of highlighting
It would be nice to be able to alert on big SSH/RDP/TLS etc , flows regardless of what the stream depth is set to be.
Of course this can be done in a SIEM search via the suricata event_type flow logs, but a possibility to generate an alert goes a long way in giving flexibility to the blue team/defenders.
This can be useful in many ways, especially in housekeeping / policy violations types of scenarios but also exfiltration detection and other.
Updated by Victor Julien 6 months ago
- Status changed from New to Feedback
What else do you need than the things already in #6164?
Updated by Peter Manev 6 months ago
This should cover it https://redmine.openinfosecfoundation.org/issues/5646
Updated by Philippe Antoine 6 months ago
- Related to Feature #5646: rules: allow matching on flow pkts and bytes in either direction added
Updated by Philippe Antoine 6 months ago
- Status changed from Feedback to Closed
Duplicate of #5646 then
Actions