Project

General

Profile

Actions
Copy link

Task #8123

open
JF VJ

Task #4763: tracking: Suricon brainstorms

Suricon 2025 Brainstorm

Task #8123: Suricon 2025 Brainstorm

Added by Juliana Fajardini Reichow 5 months ago. Updated 5 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:

Related issues 23 (22 open1 closed)

Related to Suricata - Feature #6831: rules: support extraction of bytes of non-numeric valuesNewVictor JulienActions
Related to Suricata - Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_bodyIn ProgressPhilippe AntoineActions
Related to Suricata - Feature #2301: netflow: dump records at intervalFeedbackJason IshActions
Related to Suricata - Feature #473: pcap log: alert log with packet indexesNewCommunity TicketActions
Related to Suricata - Feature #7401: yaml: add schemaIn ProgressJason IshActions
Related to Suricata - Feature #3316: unix-socket: support dumping flow tableFeedbackCommunity TicketActions
Related to Suricata - Feature #8124: datasets: support subnets NewOISF DevActions
Related to Suricata - Optimization #8125: profiling: help investigating memory consumptionNewOISF DevActions
Related to Suricata - Feature #8130: http: http.uri should normalize the + into space as per RFC 1886AssignedPhilippe AntoineActions
Related to Suricata - Feature #8128: rules/transform: add json_decode transformAssignedOISF DevActions
Related to Suricata - Feature #4840: stats: distinguish between observational stats and performance statsNewOISF DevActions
Related to Suricata - Task #8131: modbus: add detection keywords to match logging valuesAssignedOISF DevActions
Related to Suricata - Feature #8117: rules: flow.elephant keywordClosedShivani BhardwajActions
Related to Suricata - Task #3299: tracking: Add support for industrial protocolNewCommunity TicketActions
Related to Suricata - Feature #6461: ics protocol: bacnetNewGiuseppe LongoActions
Related to Suricata - Feature #4249: ics protocol: SS7 Protocol SupportAssignedSimon DugasActions
Related to Suricata - Task #4251: protocol: SCTP supportNewGiuseppe LongoActions
Related to Suricata - Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption toolsAssignedVictor JulienActions
Related to Suricata - Feature #6462: ics protocol: IEC104 Protocol SupportNewCommunity TicketActions
Related to Suricata - Task #5678: tracking: improve handling of non-IP protocolsAssignedVictor JulienActions
Related to Suricata - Task #3301: Research: Failover support within the current IPS implementationNewCommunity TicketActions
Related to Suricata - Feature #5705: protocol: Wireguard parserAssignedPierre ChifflierActions
Related to Suricata - Feature #7979: sslproxy: add support for parsing decrypted trafficIn ReviewVictor JulienActions

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #1

  • Parent task set to #4763

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #2

  • Related to Feature #6831: rules: support extraction of bytes of non-numeric values added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #3

  • Related to Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_body added

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #4

  • Related to Feature #2301: netflow: dump records at interval added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #5

  • Related to Feature #473: pcap log: alert log with packet indexes added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #6

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #7

  • Related to Feature #3316: unix-socket: support dumping flow table added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #8

  • Tracker changed from Bug to Task

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #9

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #10

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #11

  • Related to Feature #8130: http: http.uri should normalize the + into space as per RFC 1886 added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #12

  • Related to Feature #8128: rules/transform: add json_decode transform added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #13

  • Related to Feature #4840: stats: distinguish between observational stats and performance stats added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #14

  • Status changed from New to Assigned

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #15

  • Related to Task #8131: modbus: add detection keywords to match logging values added

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #16

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #17

  • Related to Task #3299: tracking: Add support for industrial protocol added

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #18

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #19

  • Related to Feature #4249: ics protocol: SS7 Protocol Support added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #20

  • Related to Task #4251: protocol: SCTP support added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #21

add more features to the supported protocols for Enhanced application protocol logs, Would be helpful - example - RDP, DHCP,MQTT, SMTP, Websockets, SMBCmd, FTP

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #22

  • Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #23

  • Related to Feature #6462: ics protocol: IEC104 Protocol Support added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #24

Would it be possible to have exception policies config options (and more configuration options) updated in real time, without requiring suricata restarts?

like unix-socket

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #25

dataset expiration somehow, maybe it could have a TTL-like thing

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #26

content-logging for ICMP

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #27

  • Related to Task #5678: tracking: improve handling of non-IP protocols added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #28

More metrics for half-open connections would be useful

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #29

ether.type keyword

JI Updated by Jason Ish 5 months ago Actions
Copy link
 #30

  • Related to Task #3301: Research: Failover support within the current IPS implementation added

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #31

A preliminary list of configs that would be nice to be able to configure with unix socket.

exception policies.
Address groups (HOME_NET etc)
flow-timeouts settings
logging type configurations
elephant flow configurations

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #32

Recognize RTP (to bypass it) a bit like FTP expectation : SIP to initialize communication and then go to random selected ports (from SIP) for RTP

JF Updated by Juliana Fajardini Reichow 5 months ago Actions
Copy link
 #33

PA Updated by Philippe Antoine 5 months ago Actions
Copy link
 #34

xposing smb.status, smb.command fields in the smb preprocessor would help write some better detections for things

PA Updated by Philippe Antoine 4 months ago Actions
Copy link
 #35

  • Related to Feature #7979: sslproxy: add support for parsing decrypted traffic added
Actions
Copy link

Also available in: PDF Atom