Task #7456: engine/analysis: report rule state altered by flowbit rule - Suricata - Open Information Security Foundation

Actions

Task #7456

open

engine/analysis: report rule state altered by flowbit rule

Added by Juliana Fajardini Reichow about 1 month ago. Updated 8 days ago.

Status:

In Review

Priority:

Normal

Assignee:

Juliana Fajardini Reichow

Target version:

Effort:

Difficulty:

Label:

Description

Flowbits can make a packet (stateless) rule become stateful (requiring flow) without
even changing the rule type.

Have the engine analyzer report when this happens, to increase visibility.

Related issues 4 (4 open — 0 closed)

Actions

#1

Updated by Juliana Fajardini Reichow about 1 month ago

Related to Documentation #7031: userguide: document SignatureProperties sigtype added

Actions

#2

Updated by Juliana Fajardini Reichow about 1 month ago

Related to Documentation #7395: engine/analysis: document the output for user friendliness added

Actions

#3

Updated by Juliana Fajardini Reichow about 1 month ago

Status changed from New to In Progress

Actions

#4

Updated by Juliana Fajardini Reichow about 1 month ago

Status changed from In Progress to In Review

Some version for review: https://github.com/OISF/suricata/pull/12286

Actions

#5

Updated by Juliana Fajardini Reichow 8 days ago

Related to Task #7484: engine/analysis: report rule dependencies added

Actions

#6

Updated by Juliana Fajardini Reichow 8 days ago

Subject changed from analysis: report rule state altered by other rule to engine/analysis: report rule state altered by flowbit rule

Actions

#7

Updated by Juliana Fajardini Reichow about 15 hours ago

Related to Task #7510: tests: add tests for each example and corner cases added

Actions

Also available in: Atom PDF