Actions
Feature #4148
openResearch: SSH Support for additional protocol analysis
Effort:
Difficulty:
Label:
Protocol
Description
Chris G:
Is there any additional work we can do in SSH protocol analysis? Corelight's article on SSH Inference was very interesting, though I'm not how well it works in reality. https://corelight.blog/2019/11/19/corelight-ssh-inference-package/
This could extend to other protocols
Updated by Jeff Lucovsky about 4 years ago
- Related to Task #4097: Suricon 2020 brainstorm added
Updated by Victor Julien about 4 years ago
- Subject changed from Research: Support for additional protocol analysis to Research: SSH Support for additional protocol analysis
- Assignee set to Community Ticket
- Target version set to TBD
I think we first need a description of what is missing and could be added to our SSH parser and/or detection.
Updated by Victor Julien 6 months ago
- Related to Feature #7103: ssh: extra fields and keywords added
Actions