Feature #776: rules: Add smtp_envelope and smtp_header keywords - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #776

open

DA OD

Task #6473: tracking: detect: smtp keyword coverage

rules: Add smtp_envelope and smtp_header keywords

Feature #776: rules: Add smtp_envelope and smtp_header keywords

Added by David André about 13 years ago. Updated over 2 years ago.

Status:

Assigned

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Beginner

Description

Add smtp_envelope and smtp_header keywords.

The envelope is composed of communication before the DATA segment ( example at http://en.wikipedia.org/wiki/SMTP#SMTP_transport_example) and the header is the part of the email content before there is the mail body (which should be anything between DATA and the first occurence of CR LF CR LF).

The idea is to allow rules searching for email addresses, mail user-agents, etc.. while not matching on the same pattern(s) being discussed in an email body.

Related issues 3 (2 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Related to Suricata - Task #4097: Suricon 2020 brainstorm	Assigned	Victor Julien	Actions
Related to Suricata - Feature #6198: smtp: add keywords for use in rules	New	OISF Dev	Actions
Related to Suricata - Feature #3487: mime: multi-part parser in Rust	Closed	Philippe Antoine	Actions

Project

General

Profile

Suricata

Custom queries

Feature #776

rules: Add smtp_envelope and smtp_header keywords

VJ Updated by Victor Julien about 13 years ago Actions
Copy link
#1

CV Updated by Christophe Vandeplas over 12 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#3

AH Updated by Andreas Herz over 10 years ago Actions
Copy link
#4

VJ Updated by Victor Julien almost 8 years ago Actions
Copy link
#5

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
#6

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#7

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#8

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
#10

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#11

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
#12

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#13

Project

General

Profile

Suricata

Custom queries

Feature #776

rules: Add smtp_envelope and smtp_header keywords

VJ Updated by Victor Julien about 13 years ago ActionsCopy link #1

CV Updated by Christophe Vandeplas over 12 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 12 years ago ActionsCopy link #3

AH Updated by Andreas Herz over 10 years ago ActionsCopy link #4

VJ Updated by Victor Julien almost 8 years ago ActionsCopy link #5

AH Updated by Andreas Herz about 7 years ago ActionsCopy link #6

VJ Updated by Victor Julien over 6 years ago ActionsCopy link #7

VJ Updated by Victor Julien over 5 years ago ActionsCopy link #8

VJ Updated by Victor Julien over 5 years ago ActionsCopy link #9

VJ Updated by Victor Julien over 3 years ago ActionsCopy link #10

VJ Updated by Victor Julien almost 3 years ago ActionsCopy link #11

PA Updated by Philippe Antoine almost 3 years ago ActionsCopy link #12

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #13

VJ Updated by Victor Julien about 13 years ago Actions
Copy link
#1

CV Updated by Christophe Vandeplas over 12 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#3

AH Updated by Andreas Herz over 10 years ago Actions
Copy link
#4

VJ Updated by Victor Julien almost 8 years ago Actions
Copy link
#5

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
#6

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#7

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#8

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
#10

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#11

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
#12

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#13