Task #7863 open
SB
SB
smb: trigger raw stream inspection
Added by Shivani Bhardwaj 10 months ago.
Updated 3 days ago.
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004 ).
Related issues
1 (1 open — 0 closed )
Copied from Task #7743 : http: trigger raw stream inspection added
Target version changed from 8.0.1 to 9.0.0-beta1
Related to Bug #8266 : detect: erroneous alerts due to inconsistency between applayer and stream added
Related to deleted (Bug #8266 : detect: erroneous alerts due to inconsistency between applayer and stream )
Blocked by Bug #8266 : detect: erroneous alerts due to inconsistency between applayer and stream added
Copied from deleted (Task #7743 : http: trigger raw stream inspection )
Status changed from Assigned to In Review
Also available in: PDF
Atom