Project

General

Profile

Actions
Copy link

Task #8123

open

Task #4763: tracking: Suricon brainstorms

Suricon 2025 Brainstorm

Added by Juliana Fajardini Reichow about 1 month ago. Updated about 1 month ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:

Related issues 22 (21 open1 closed)

Related to Suricata - Feature #6831: rules: support extraction of bytes of non-numeric valuesNewVictor JulienActions
Related to Suricata - Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_bodyAssignedPhilippe AntoineActions
Related to Suricata - Feature #2301: netflow: dump records at intervalFeedbackJason IshActions
Related to Suricata - Feature #473: pcap log: alert log with packet indexesNewCommunity TicketActions
Related to Suricata - Feature #7401: yaml: add schemaAssignedJason IshActions
Related to Suricata - Feature #3316: unix-socket: support dumping flow tableFeedbackCommunity TicketActions
Related to Suricata - Feature #8124: datasets: support subnets NewOISF DevActions
Related to Suricata - Optimization #8125: profiling: help investigating memory consumptionNewOISF DevActions
Related to Suricata - Feature #8130: http: http.uri should normalize the + into space as per RFC 1886AssignedPhilippe AntoineActions
Related to Suricata - Feature #8128: rules/transform: add json_decode transformNewOISF DevActions
Related to Suricata - Feature #4840: stats: distinguish between observational stats and performance statsNewOISF DevActions
Related to Suricata - Task #8131: modbus: add detection keywords to match logging valuesNewOISF DevActions
Related to Suricata - Feature #8117: rules: flow.elephant keywordClosedShivani BhardwajActions
Related to Suricata - Task #3299: tracking: Add support for industrial protocolNewCommunity TicketActions
Related to Suricata - Feature #6461: ics protocol: bacnetNewGiuseppe LongoActions
Related to Suricata - Feature #4249: ics protocol: SS7 Protocol SupportAssignedSimon DugasActions
Related to Suricata - Task #4251: protocol: SCTP supportNewOISF DevActions
Related to Suricata - Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption toolsAssignedVictor JulienActions
Related to Suricata - Feature #6462: ics protocol: IEC104 Protocol SupportNewCommunity TicketActions
Related to Suricata - Task #5678: tracking: improve handling of non-IP protocolsNewVictor JulienActions
Related to Suricata - Task #3301: Research: Failover support within the current IPS implementationNewCommunity TicketActions
Related to Suricata - Feature #5705: protocol: Wireguard parserAssignedPierre ChifflierActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow about 1 month ago

  • Parent task set to #4763
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow about 1 month ago

  • Related to Feature #6831: rules: support extraction of bytes of non-numeric values added
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow about 1 month ago

  • Related to Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_body added
Actions
Copy link
 #4

Updated by Jason Ish about 1 month ago

  • Related to Feature #2301: netflow: dump records at interval added
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow about 1 month ago

  • Related to Feature #473: pcap log: alert log with packet indexes added
Actions
Copy link
 #6

Updated by Juliana Fajardini Reichow about 1 month ago

Actions
Copy link
 #7

Updated by Jason Ish about 1 month ago

  • Related to Feature #3316: unix-socket: support dumping flow table added
Actions
Copy link
 #8

Updated by Juliana Fajardini Reichow about 1 month ago

  • Tracker changed from Bug to Task
Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow about 1 month ago

Actions
Copy link
 #10

Updated by Juliana Fajardini Reichow about 1 month ago

Actions
Copy link
 #11

Updated by Philippe Antoine about 1 month ago

  • Related to Feature #8130: http: http.uri should normalize the + into space as per RFC 1886 added
Actions
Copy link
 #12

Updated by Philippe Antoine about 1 month ago

  • Related to Feature #8128: rules/transform: add json_decode transform added
Actions
Copy link
 #13

Updated by Juliana Fajardini Reichow about 1 month ago

  • Related to Feature #4840: stats: distinguish between observational stats and performance stats added
Actions
Copy link
 #14

Updated by Juliana Fajardini Reichow about 1 month ago

  • Status changed from New to Assigned
Actions
Copy link
 #15

Updated by Philippe Antoine about 1 month ago

  • Related to Task #8131: modbus: add detection keywords to match logging values added
Actions
Copy link
 #16

Updated by Juliana Fajardini Reichow about 1 month ago

Actions
Copy link
 #17

Updated by Philippe Antoine about 1 month ago

  • Related to Task #3299: tracking: Add support for industrial protocol added
Actions
Copy link
 #18

Updated by Jason Ish about 1 month ago

Actions
Copy link
 #19

Updated by Jason Ish about 1 month ago

  • Related to Feature #4249: ics protocol: SS7 Protocol Support added
Actions
Copy link
 #20

Updated by Philippe Antoine about 1 month ago

  • Related to Task #4251: protocol: SCTP support added
Actions
Copy link
 #21

Updated by Philippe Antoine about 1 month ago

add more features to the supported protocols for Enhanced application protocol logs, Would be helpful - example - RDP, DHCP,MQTT, SMTP, Websockets, SMBCmd, FTP

Actions
Copy link
 #22

Updated by Jason Ish about 1 month ago

  • Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
Actions
Copy link
 #23

Updated by Philippe Antoine about 1 month ago

  • Related to Feature #6462: ics protocol: IEC104 Protocol Support added
Actions
Copy link
 #24

Updated by Philippe Antoine about 1 month ago

Would it be possible to have exception policies config options (and more configuration options) updated in real time, without requiring suricata restarts?

like unix-socket

Actions
Copy link
 #25

Updated by Philippe Antoine about 1 month ago

dataset expiration somehow, maybe it could have a TTL-like thing

Actions
Copy link
 #26

Updated by Philippe Antoine about 1 month ago

content-logging for ICMP

Actions
Copy link
 #27

Updated by Philippe Antoine about 1 month ago

  • Related to Task #5678: tracking: improve handling of non-IP protocols added
Actions
Copy link
 #28

Updated by Philippe Antoine about 1 month ago

More metrics for half-open connections would be useful

Actions
Copy link
 #29

Updated by Philippe Antoine about 1 month ago

ether.type keyword

Actions
Copy link
 #30

Updated by Jason Ish about 1 month ago

  • Related to Task #3301: Research: Failover support within the current IPS implementation added
Actions
Copy link
 #31

Updated by Philippe Antoine about 1 month ago

A preliminary list of configs that would be nice to be able to configure with unix socket.

exception policies.
Address groups (HOME_NET etc)
flow-timeouts settings
logging type configurations
elephant flow configurations

Actions
Copy link
 #32

Updated by Philippe Antoine about 1 month ago

Recognize RTP (to bypass it) a bit like FTP expectation : SIP to initialize communication and then go to random selected ports (from SIP) for RTP

Actions
Copy link
 #33

Updated by Juliana Fajardini Reichow about 1 month ago

Actions
Copy link
 #34

Updated by Philippe Antoine about 1 month ago

xposing smb.status, smb.command fields in the smb preprocessor would help write some better detections for things

Actions
Copy link

Also available in: Atom PDF