Task #8123
Parent task: #4763 (open): tracking: Suricon brainstorms
Suricon 2025 Brainstorm
Added by Juliana Fajardini Reichow 5 months ago. Updated 5 months ago.
Updated by Juliana Fajardini Reichow 5 months ago #1
- Parent task set to #4763
Updated by Juliana Fajardini Reichow 5 months ago #2
- Related to Feature #6831: rules: support extraction of bytes of non-numeric values added
Updated by Juliana Fajardini Reichow 5 months ago #3
- Related to Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_body added
Updated by Jason Ish 5 months ago #4
- Related to Feature #2301: netflow: dump records at interval added
Updated by Juliana Fajardini Reichow 5 months ago #5
- Related to Feature #473: pcap log: alert log with packet indexes added
Updated by Juliana Fajardini Reichow 5 months ago #6
- Related to Feature #7401: yaml: add schema added
Updated by Jason Ish 5 months ago #7
- Related to Feature #3316: unix-socket: support dumping flow table added
Updated by Juliana Fajardini Reichow 5 months ago #8
- Tracker changed from Bug to Task
Updated by Juliana Fajardini Reichow 5 months ago #9
- Related to Feature #8124: datasets: support subnets added
Updated by Juliana Fajardini Reichow 5 months ago #10
- Related to Optimization #8125: profiling: help investigating memory consumption added
Updated by Philippe Antoine 5 months ago #11
- Related to Feature #8130: http: http.uri should normalize the + into space as per RFC 1886 added
Updated by Philippe Antoine 5 months ago #12
- Related to Feature #8128: rules/transform: add json_decode transform added
Updated by Juliana Fajardini Reichow 5 months ago #13
- Related to Feature #4840: stats: distinguish between observational stats and performance stats added
Updated by Juliana Fajardini Reichow 5 months ago #14
- Status changed from New to Assigned
Updated by Philippe Antoine 5 months ago #15
- Related to Task #8131: modbus: add detection keywords to match logging values added
Updated by Juliana Fajardini Reichow 5 months ago #16
- Related to Feature #8117: rules: flow.elephant keyword added
Updated by Philippe Antoine 5 months ago #17
- Related to Task #3299: tracking: Add support for industrial protocol added
Updated by Jason Ish 5 months ago #18
- Related to Feature #6461: ics protocol: bacnet added
Updated by Jason Ish 5 months ago #19
- Related to Feature #4249: ics protocol: SS7 Protocol Support added
Updated by Philippe Antoine 5 months ago #20
- Related to Task #4251: protocol: SCTP support added
Updated by Philippe Antoine 5 months ago #21
Add more features to the supported protocols for enhanced application protocol logs; would be helpful. Examples: RDP, DHCP, MQTT, SMTP, WebSockets, SMBCmd, FTP.
Updated by Jason Ish 5 months ago #22
- Related to Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools added
Updated by Philippe Antoine 5 months ago #23
- Related to Feature #6462: ics protocol: IEC104 Protocol Support added
Updated by Philippe Antoine 5 months ago #24
Would it be possible to have exception policies config options (and more configuration options) updated in real time, without requiring Suricata restarts?
Like via unix-socket.
Updated by Philippe Antoine 5 months ago #25
Dataset expiration somehow, maybe it could have a TTL-like thing.
Updated by Philippe Antoine 5 months ago #26
Content logging for ICMP.
Updated by Philippe Antoine 5 months ago #27
- Related to Task #5678: tracking: improve handling of non-IP protocols added
Updated by Philippe Antoine 5 months ago #28
More metrics for half-open connections would be useful.
Updated by Philippe Antoine 5 months ago #29
ether.type keyword
Updated by Jason Ish 5 months ago #30
- Related to Task #3301: Research: Failover support within the current IPS implementation added
Updated by Philippe Antoine 5 months ago #31
A preliminary list of configs that would be nice to be able to configure with unix socket:
- exception policies
- address groups (HOME_NET etc.)
- flow-timeouts settings
- logging type configurations
- elephant flow configurations
Updated by Philippe Antoine 5 months ago #32
Recognize RTP (to bypass it), a bit like the FTP expectation: SIP to initialize the communication and then go to randomly selected ports (from SIP) for RTP.
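The SIP-to-RTP expectation idea in the note above, as an added example: this is not Suricata's SIP, RTP or FTP-expectation code and not anything from this tracker, just a stand-alone Python sketch of the mechanism. It pulls the announced media endpoints (c= and m= lines) out of the SDP body of a SIP message, stores them as expectations, and then labels later UDP datagrams to or from those endpoints as RTP/RTCP after a minimal version check. The sample INVITE is constructed; the audio/video-only filter, the RTCP-on-port+1 rule, and every class and function name are this example's own assumptions.

```python
# Added illustration of SDP-driven RTP expectations; not Suricata's own SIP,
# RTP or FTP-expectation code. Names and rules below are this example's.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Expectation:
    ip: str
    port: int
    proto: str  # transport from the m= line (e.g. "RTP/AVP") or "RTCP"


def parse_sdp_expectations(sip_message: str) -> list:
    """Return the (ip, port, proto) endpoints an SDP body announces.

    Assumptions: the body starts after the first empty line; a session-level
    c= gives the default IP and a c= after an m= overrides it for that stream
    only; only audio/video m= lines count; port 0 means the stream was
    rejected; RTCP is assumed on RTP port + 1 (no a=rtcp: handling).
    """
    _head, sep, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    if not sep:
        return []  # no body, nothing to expect

    session_ip = None
    media = []  # one [ip_override, port, proto] per m= line, in order
    for line in body.split("\n"):
        line = line.strip()
        if line.startswith("c="):
            m = re.match(r"c=IN IP[46] ([^\s/]+)", line)  # drop multicast /ttl
            if not m:
                continue
            if media:
                media[-1][0] = m.group(1)  # media-level override
            else:
                session_ip = m.group(1)
        elif line.startswith("m="):
            m = re.match(r"m=(audio|video) (\d+)(?:/\d+)? (\S+)", line)
            if m:
                media.append([None, int(m.group(2)), m.group(3)])

    expectations = []
    for ip_override, port, proto in media:
        ip = ip_override or session_ip
        if ip is None or port == 0:
            continue
        expectations.append(Expectation(ip, port, proto))
        expectations.append(Expectation(ip, port + 1, "RTCP"))
    return expectations


def has_rtp_version(payload: bytes, min_len: int) -> bool:
    """RTP and RTCP both carry version 2 in the top two bits of byte 0."""
    return len(payload) >= min_len and (payload[0] >> 6) == 2


class ExpectationTable:
    """Maps an announced (ip, port) to the protocol expected there. A real
    sensor would tie entries to the signalling flow and expire them."""

    def __init__(self):
        self._table = {}

    def add_from_sip(self, sip_message: str) -> int:
        exps = parse_sdp_expectations(sip_message)
        for e in exps:
            self._table[(e.ip, e.port)] = e.proto
        return len(exps)

    def classify(self, src_ip, src_port, dst_ip, dst_port, payload: bytes):
        """Expected protocol for a UDP datagram, or None. Either endpoint may
        be the announced one, since the peer replies from that port."""
        proto = self._table.get((dst_ip, dst_port)) or self._table.get((src_ip, src_port))
        if proto is None:
            return None
        # Cheap header check so a stray datagram to that port is not mislabelled.
        if not has_rtp_version(payload, 8 if proto == "RTCP" else 12):
            return None
        return proto


# Constructed sample: an abbreviated SIP INVITE (most headers and Content-Length
# omitted) with two media streams; the video stream overrides the session IP.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
    "c=IN IP4 192.0.2.11\r\n"
)
```

The `classify` result is the point at which a bypass decision would hang: a datagram that matches an announced endpoint and passes the version check is the media stream the signalling promised, everything else on that port is still inspected. Expectations are created from the SDP of both the offer and the answer in practice, so the table would normally be fed each SIP message with a body, not only the INVITE.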
Updated by Juliana Fajardini Reichow 5 months ago #33
- Related to Feature #5705: protocol: Wireguard parser added
Updated by Philippe Antoine 5 months ago #34
Exposing smb.status and smb.command fields in the smb preprocessor would help write some better detections for things.
Updated by Philippe Antoine 4 months ago #35
- Related to Feature #7979: sslproxy: add support for parsing decrypted traffic added