Actions
Feature #3512
closedstream depth event rule
Effort:
Difficulty:
Label:
Description
It might be helpful to introduce a stream depth event rule to validate if it's working as expected and to get an overview of possible elephant flows
Updated by Victor Julien over 4 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
Updated by Victor Julien over 4 years ago
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
Updated by Victor Julien almost 3 years ago
- Assignee changed from Victor Julien to Jeff Lucovsky
Updated by Jeff Lucovsky over 2 years ago
This sounds like it could be interesting but I'd need some more information.
Are you asking for an event to be triggered is the stream.depth would be exceeded?
Updated by Andreas Herz over 2 years ago
Exactly, so this could help to detect elephant flows or helps in testing if this feature works properly if you have a flow that should trigger it but doesn't.
I would compare it as another helper like we already have with packets on wrong threads etc.
Updated by Jeff Lucovsky over 2 years ago
- Status changed from Assigned to In Review
Suricata: https://github.com/OISF/suricata/pull/7623
Suricata-verify: https://github.com/OISF/suricata-verify/pull/879
Updated by Jeff Lucovsky about 2 years ago
- Status changed from In Review to Closed
Actions