Feature #7621
open
add lua extension or function
Added by Stuart Del Caliz 11 days ago.
Updated 5 days ago.
Description
extend lua capabilities to enable accessing remote resources like sockets and APIs.
Suricata 8.0 runs Lua rules in a very restricted sandbox for security and performanc reasons.
However, output scripts where it might make sense to access other resources is unrestricted, and you should be able to do all this today. Even in 7.0 you could connect to a database or REST API from a Lua rule if you wanted, doesn't mean that you should.
Could you please provide more detail to your request as Lua is nearing completion of an overhaul for Suricata 8.0.
Also available in: Atom
PDF