Optimization #1873
closed
Classtypes missing on decoder-events, files, and stream-events
Added by Jack Mott over 8 years ago.
Updated over 7 years ago.
Description
Hi,
These rules do not have an associated classtype with them. Could you take a look and determine if that would be a relevant addition?
Best,
Jack
- Tracker changed from Bug to Optimization
- Assignee set to OISF Dev
- Target version set to TBD
stream-events has classtype, do you have anything special in mind?
We have some shipped rules with classtypes and some without:
(classtype:protocol-command-decode)
- app-layer-events.rules
- http-events.rules
- smtp-events.rules
- stream-events.rules
- tls-events.rules
(no classtype)
- decoder-events.rules
- dnp3-events.rules
- dns-events.rules
- files.rules
- modbus-events.rules
Something we just forgot or is that for a specific reason?
Seems it was forgotten. Btw the files.rules file is really only meant to be an example.
Yep, that's also why the rules in there are commented, so would it be ok to add the classtype:protocol-command-decode to the 4 rule files left?
- Assignee changed from OISF Dev to Andreas Herz
- Status changed from New to Closed
- Target version changed from TBD to 4.0beta1
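A way to run the check discussed in this thread over a rule file, as an added example that is not part of the original issue or of Suricata itself: it lists every rule that has no `classtype` option, including commented-out rules like those in files.rules. The function name `audit` and the sample rules (with sids from the local range) are constructed for illustration, and it assumes one rule per line.

```python
import re

# A rule line starts with an action; a leading '#' marks a disabled rule.
RULE_START = re.compile(r'^\s*(#\s*)?(?:alert|drop|pass|reject)\s.*\(')
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
CLASSTYPE = re.compile(r'[(;]\s*classtype\s*:\s*[\w-]+\s*;')
SID = re.compile(r'[(;]\s*sid\s*:\s*(\d+)\s*;')

# Constructed sample rules; sids are from the local range, not shipped sids.
SAMPLE = r'''
# decoder and stream event examples
alert pkthdr any any -> any any (msg:"pkt too small"; decode-event:ipv4.pkt_too_small; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"wrong dir"; stream-event:3whs_ack_in_wrong_dir; classtype:protocol-command-decode; sid:1000002; rev:1;)
alert pkthdr any any -> any any (msg:"todo\; classtype:unknown"; decode-event:ipv4.trunc_pkt; sid:1000003; rev:1;)
#alert http any any -> any any (msg:"FILE store all"; filestore; sid:1000004; rev:1;)
'''

def audit(text):
    """Return (sid, enabled) for every rule in text that has no classtype."""
    missing = []
    for line in text.splitlines():
        m = RULE_START.match(line)
        if not m:
            continue  # blank line or ordinary comment
        # Blank out quoted strings so option names inside a msg never match.
        options = QUOTED.sub('""', line)
        if CLASSTYPE.search(options):
            continue
        sid = SID.search(options)
        enabled = m.group(1) is None
        missing.append((int(sid.group(1)) if sid else None, enabled))
    return missing

if __name__ == "__main__":
    for sid, enabled in audit(SAMPLE):
        state = "enabled" if enabled else "commented out"
        print(f"sid {sid}: no classtype ({state})")
```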