Feature #7508: rules: ftp.reply keyword - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7508

open

rules: ftp.reply keyword

Added by Victor Julien 2 months ago. Updated about 18 hours ago.

Status:

In Review

Priority:

High

Assignee:

Jeff Lucovsky

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Match on the tracked replies (eve's ftp.reply). Since there can be more than 1, it's probably a multi-buffer.

Related issues 2 (2 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien 2 months ago

Copied from Feature #7507: rules: ftp.completion_code keyword added

Actions

Copy link

Updated by Victor Julien 2 months ago

Blocks Task #6476: ftp: parity of logging and detection buffers added

Actions

Copy link

Updated by Victor Julien about 1 month ago

Priority changed from Normal to High

Actions

Copy link

Updated by Jeff Lucovsky about 18 hours ago

Status changed from New to In Review

https://github.com/OISF/suricata/pull/12808

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7508

rules: ftp.reply keyword

Updated by Victor Julien 2 months ago

Updated by Victor Julien 2 months ago

Updated by Victor Julien about 1 month ago

Updated by Jeff Lucovsky about 18 hours ago

	Blocks Suricata - Task #6476: ftp: parity of logging and detection buffers	In Progress	Jeff Lucovsky				Actions
	Copied from Suricata - Feature #7507: rules: ftp.completion_code keyword	New	Jeff Lucovsky				Actions