Task #7863
open
smb: trigger raw stream inspection
Added by Shivani Bhardwaj 7 months ago.
Updated 7 months ago.
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
Related issues
2 (2 open — 0 closed)
- Copied from Task #7743: http: trigger raw stream inspection added
- Target version changed from 8.0.1 to 9.0.0-beta1
- Related to Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream added
- Related to deleted (Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream)
- Blocked by Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream added