Actions
Feature #7621
openrules: add lua extension or function
Description
extend lua capabilities to enable accessing remote resources like sockets and APIs.
Actions
Added by Stuart DC 11 months ago. Updated about 2 months ago.
Description
extend lua capabilities to enable accessing remote resources like sockets and APIs.
Suricata 8.0 runs Lua rules in a very restricted sandbox for security and performanc reasons.
However, output scripts where it might make sense to access other resources is unrestricted, and you should be able to do all this today. Even in 7.0 you could connect to a database or REST API from a Lua rule if you wanted, doesn't mean that you should.
Could you please provide more detail to your request as Lua is nearing completion of an overhaul for Suricata 8.0.