Open Information Security Foundation

04/17/2018

04:14 PM Suricata Bug #2492: Inverted IP params in fileinfo events

I think the logging should respect the file direction. In all implementations the files are in per-direction 'FileCon...

04/14/2018

07:33 AM Suricata Feature #2320 (Rejected): configure host os policy over unix socket

Rejected as duplicate of #660

07:30 AM Suricata Feature #2277: netinfo: structured information about the network. Output hierarchical network tree in events

At the team meeting in Amsterdam 2018 we agreed that the format should be YAML. It's easier to hand edit, and for mac...

07:25 AM Suricata Feature #2319: Expose flow lifetime to the rulelanguage

Stian are you planning to submit an implementation for this?

07:23 AM Suricata Feature #962: Can I log the mac address of the source?

At the team meeting in Amsterdam 2018 we agreed on the following:
for packets, log mac src/dst as a scalar field i...

07:18 AM Suricata Feature #2485 (Assigned): http: log byte range with file extraction

While byte ranges are not supported, it would be nice to at least log the range to the fileinfo records so that post ...

07:15 AM Suricata Feature #1705 (Closed): hyperscan pcre integration

After experimentation & discussion this didn't seem worth the effort.

04/13/2018

03:59 PM Suricata Feature #2484 (New): no stream events after known pkt loss in flow

Stream events become extra noisy after a gap has been seen (pkt loss). Disable stream events for the rest of this flow.

03:56 PM Suricata Feature #2315 (Assigned): eve: ftp logging

03:55 PM Suricata Feature #2311: math on extracted values

We need feedback on what usecases would need to be added/supported.