Project

General

Profile

Actions

Feature #2319

closed

Expose flow lifetime to the rulelanguage

Added by Stian Bergseth about 7 years ago. Updated about 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:
Beginner, C, Outreachy

Description

During the roadmap discussion in Prague someone asked for the possiblity to detect long lived sessions.
VictorJ said that this data was already stored somewhere.

I guess a sanity check of config for timeouts vs length of duration looked for in the signature would be a good idea


Related issues 3 (2 open1 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #3271: Add keyword to determine flow based speed/bwNewOISF DevActions
Is duplicate of Suricata - Bug #5536: detect: flow.age keywordClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF