Project

General

Profile

Actions
Copy link

Feature #7508

open

rules: ftp.reply keyword

Added by Victor Julien 2 months ago. Updated 3 days ago.

Status:
In Review
Priority:
High
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Match on the tracked replies (eve's ftp.reply). Since there can be more than 1, it's probably a multi-buffer.

Related issues 2 (2 open0 closed)

Blocks Suricata - Task #6476: ftp: parity of logging and detection buffersIn ProgressJeff LucovskyActions
Copied from Suricata - Feature #7507: rules: ftp.completion_code keywordIn ProgressJeff LucovskyActions
Actions
Copy link

Also available in: Atom PDF