Project

General

Profile

Actions
Copy link

Feature #7621

open

rules: add lua extension or function

Added by Stuart DC 10 months ago. Updated 17 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

extend lua capabilities to enable accessing remote resources like sockets and APIs.

Actions
Copy link
 #1

Updated by Jason Ish 10 months ago

Suricata 8.0 runs Lua rules in a very restricted sandbox for security and performanc reasons.

However, output scripts where it might make sense to access other resources is unrestricted, and you should be able to do all this today. Even in 7.0 you could connect to a database or REST API from a Lua rule if you wanted, doesn't mean that you should.

Could you please provide more detail to your request as Lua is nearing completion of an overhaul for Suricata 8.0.

Actions
Copy link
 #2

Updated by Victor Julien 17 days ago

  • Status changed from New to Feedback
Actions
Copy link
 #3

Updated by Victor Julien 17 days ago

  • Subject changed from add lua extension or function to rules: add lua extension or function
Actions
Copy link

Also available in: Atom PDF