Open Information Security Foundation

06/17/2024

07:09 PM Suricata Feature #5646: rules: allow matching on flow pkts and bytes

"either" is good in my opinion. Peter Manev

09:53 AM Suricata Feature #7097: Additions to flow detection - size

This should cover it https://redmine.openinfosecfoundation.org/issues/5646 Peter Manev

06:55 AM Suricata Feature #7103 (Feedback): ssh: extra fields and keywords

Consider adding more ssh protocol fields (to the existing ssh protocol logging) and ssh keywords (to the rules for ... Peter Manev

06/16/2024

04:23 PM Suricata Feature #7101 (Feedback): eve: add number of flowbits in protocol records and alerts

Very useful for hunting can be the number of flowbits present in a protocol log or alert.
Details: https://www.st... Peter Manev

04:17 PM Suricata Feature #7100 (New): smb: additional keywords

We have the regular event_type SMB logs.
Some alert detection additions of SMB keywords could be very useful. ... Peter Manev

04:03 PM Suricata Feature #7099 (New): Addition of total bytes to the flow logs

We currently have to server,to client bytes in the flow logs.
It is very useful to have a total bytes filed that ... Peter Manev

04:00 PM Suricata Feature #7098 (Closed): Payload length field in JSON

In most alerts there is a section in the log that has the actual payload/payload_printable where the match occurred. ... Peter Manev

03:53 PM Suricata Feature #7097 (Closed): Additions to flow detection - size

It will be good for detection if we can have a way of highlighting
It would be nice to be able to alert on big ... Peter Manev

03:46 PM Suricata Feature #7096 (New): detect/flow: additions to time detection

Suricata produces by default flow logs. (event_type flow) that can be ingested and searched in a SIEM.
The flo... Peter Manev

03:26 PM Suricata Feature #7095 (New): rdp: keywords additions

While Suricata generates RDP protocol logs itself , it is often useful to have rdp keywords available so custom signa... Peter Manev