Project

General

Profile

Actions
Copy link

Feature #8250

open
OD OD

rules: distinct ip counting logic

Feature #8250: rules: distinct ip counting logic

Added by Ofer Dagan 3 months ago. Updated 2 months ago.

Status:
In Review
Priority:
Normal
Assignee:
Ofer Dagan
Target version:
9.0.0-beta1
Effort:
low
Difficulty:
Label:

Description

In continuous to this ticket - https://redmine.openinfosecfoundation.org/issues/7928.

Implementing now unique_on options for src_ip and dst_ip.

Example for host scan rule:
alert tcp any any -> any any (msg:"Potential TCP SYN Scan Detected"; flags:S; threshold:type both, track by_src, count 50, seconds 60, unique_on dst_ip; classtype:network-scan; sid:1000001; rev:1;)

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #2

  • Assignee set to Ofer Dagan

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #3

  • Status changed from In Progress to In Review

JF Updated by Juliana Fajardini Reichow 2 months ago Actions
Copy link
 #4

  • Target version changed from TBD to 9.0.0-beta1
Actions
Copy link

Also available in: PDF Atom