Project

General

Profile

Actions
Copy link

Task #7863

open
SB SB

smb: trigger raw stream inspection

Task #7863: smb: trigger raw stream inspection

Added by Shivani Bhardwaj 8 months ago. Updated 8 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Effort:
Difficulty:
high
Label:

Description

For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

Related issues 1 (1 open0 closed)

Blocked by Suricata - Bug #8266: detect: erroneous alerts due to inconsistency between applayer and streamIn ProgressShivani BhardwajActions

SB Updated by Shivani Bhardwaj 8 months ago Actions
Copy link
 #1

  • Copied from Task #7743: http: trigger raw stream inspection added

SB Updated by Shivani Bhardwaj 8 months ago Actions
Copy link
 #2

  • Target version changed from 8.0.1 to 9.0.0-beta1

SB Updated by Shivani Bhardwaj 2 months ago Actions
Copy link
 #3

  • Related to Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream added

SB Updated by Shivani Bhardwaj 2 months ago Actions
Copy link
 #4

  • Related to deleted (Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream)

SB Updated by Shivani Bhardwaj 2 months ago Actions
Copy link
 #5

  • Blocked by Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream added

SB Updated by Shivani Bhardwaj 20 days ago Actions
Copy link
 #6

  • Copied from deleted (Task #7743: http: trigger raw stream inspection)
Actions
Copy link

Also available in: PDF Atom