Feature #7621: add lua extension or function - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7621

open

add lua extension or function

Added by Stuart Del Caliz 9 days ago. Updated 2 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

extend lua capabilities to enable accessing remote resources like sockets and APIs.

History
Notes

Actions

Copy link

Updated by Jason Ish 2 days ago

Suricata 8.0 runs Lua rules in a very restricted sandbox for security and performanc reasons.

However, output scripts where it might make sense to access other resources is unrestricted, and you should be able to do all this today. Even in 7.0 you could connect to a database or REST API from a Lua rule if you wanted, doesn't mean that you should.

Could you please provide more detail to your request as Lua is nearing completion of an overhaul for Suricata 8.0.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7621

add lua extension or function

Updated by Jason Ish 2 days ago