Feature #2200

closed

Dynamically add md5 to blacklist without full restart

Added by Scott Macgregor over 7 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal

Description

I would like to see a feature to add blacklist hash entries dynamically.

One client of this API addition could be suricatasc, similar to adding host bits. Currently the file blacklist is loaded into memory but is not exposed for modification.

Possible use cases could be:

Open suricatasc and add a new blacklist entry immediately.

Add in new IOCs via a 3rd-party STIX file, and add them without human intervention using this new API function in Python.

Connect detection sandboxes to Suricata via the file carving and add identified new malware to the network IDS on the fly.
