Feature #2319
closed
Expose flow lifetime to the rulelanguage
Added by Stian Bergseth about 7 years ago.
Updated about 2 years ago.
Label: Beginner, C, Outreachy
Description
During the roadmap discussion in Prague someone asked for the possibility to detect long-lived sessions.
VictorJ said that this data was already stored somewhere.
I guess a sanity check of config for timeouts vs length of duration looked for in the signature would be a good idea.
- Related to Task #2309: SuriCon 2017 brainstorm added
- Target version set to TBD
Stian, are you planning to submit an implementation for this?
- Assignee changed from Stian Bergseth to Anonymous
- Effort set to low
- Difficulty set to low
- Assignee set to Community Ticket
- Label Beginner, Outreachy added
- Related to Feature #3271: Add keyword to determine flow based speed/bw added
- Assignee changed from Community Ticket to Stian Bergseth
Additional ideas we will split into dedicated issues:
Dump the flow table over unix socket.
Explore also loading the flow table into Suricata as part of a state keeping.
- Assignee changed from Stian Bergseth to Community Ticket
- Effort deleted (low)
- Difficulty deleted (low)
- Label C added
- Is duplicate of Bug #5536: detect: flow.age keyword added
- Status changed from New to Closed
- Assignee deleted (Community Ticket)
- Target version deleted (TBD)
Closed as duplicate of #5536.
- Status changed from Closed to Rejected