Feature #6794

Updated by Scott Jordan 3 months ago

Be able to tie signatures to a specific interface in IPS mode. Suricata supports multi-tenancy and there could be a solution going down that path, but multi-tenancy is not currently supported for IPS. 

I have a solution that implements an "origin" keyword that essentially adds a role to a live device, i.e. client, server, internet, subscriber, etc., then the origin keyword is used so that a signature only triggers if a flow originated from an interface with a specific role.

I will make a PR shortly with this keyword.