General

Profile

Ofer Dagan

  • Login: oferdagan
  • Email: ofer.d@claroty.com
  • Registered on: 09/26/2024
  • Last sign in: 09/21/2025

Issues

open closed Total
Assigned issues 1 0 1
Reported issues 5 2 7

Activity

09/21/2025

05:30 PM Suricata Feature #7928 (New): rules: distinct counting logic
Hello team,
I wish to introduce a new feature suggestion and after your approval and direction I would like to imple... Ofer Dagan
11:14 AM Suricata Bug #5255: Reported pcap_filename in alerts are not correct
Hi there,
Is there an update regarding this ticket? Ofer Dagan

06/25/2025

10:43 AM Suricata Feature #7786: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts
I've opened a PR with the suggested solution - https://github.com/OISF/suricata/pull/13528
Let me know if you want m... Ofer Dagan
06:52 AM Suricata Feature #7786: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts
What do you mean with integrating with our @pcap-log@? It should have no affect on the @pcap-log@ output.
Each packe... Ofer Dagan

06/24/2025

10:26 AM Suricata Feature #7786 (In Review): Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts
Hello Suricata Team,
I would like to suggest a new feature that enhances the functionality of the `--pcap-file-del... Ofer Dagan
08:53 AM Suricata Feature #7785: pcap-log: support packet context for conditional alerts
Sadly I must discard this approach for our use case because of a bigger issue with the pcap-log feature. It appears t... Ofer Dagan

06/23/2025

10:06 AM Suricata Feature #7785: pcap-log: support packet context for conditional alerts
Thanks for the quick response!
> But there is a known and sadly common case where this is happening: if you have s... Ofer Dagan

06/22/2025

01:43 PM Suricata Feature #7785 (New): pcap-log: support packet context for conditional alerts
Hi all,
Currently the pcap-log feature, when configured with `conditional: alerts`, only records the "golden packe... Ofer Dagan

06/15/2025

11:14 AM Suricata Bug #5255: Reported pcap_filename in alerts are not correct
Hi,
I can confirm that this still happens with suricata 7.0.10. Are there any plans on fixing this? Ofer Dagan

04/10/2025

06:21 AM Suricata Feature #7655 (New): Allow using flow id in pcap log file name
Hi all,
*The Problem*
The issue I'm trying to solve is correlating between an alert and the pcap log it creates i... Ofer Dagan

Also available in: Atom