Project

General

Profile

Actions

Feature #7097

closed

Additions to flow detection - size

Added by Peter Manev 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It will be good for detection if we can have a way of highlighting

It would be nice to be able to alert on big SSH/RDP/TLS etc , flows regardless of what the stream depth is set to be.
Of course this can be done in a SIEM search via the suricata event_type flow logs, but a possibility to generate an alert goes a long way in giving flexibility to the blue team/defenders.
This can be useful in many ways, especially in housekeeping / policy violations types of scenarios but also exfiltration detection and other.


Related issues 1 (1 open0 closed)

Related to Suricata - Feature #5646: rules: allow matching on flow pkts and bytes in either directionIn ReviewShivani BhardwajActions
Actions

Also available in: Atom PDF