Task #4772
opentracking: parity between fields logged and fields available for detection
Added by Victor Julien about 3 years ago. Updated 4 months ago.
Updated by Victor Julien about 3 years ago
- Related to Feature #2021: doc: sha256 filesum extraction missing in documentation added
Updated by Victor Julien about 3 years ago
- Related to deleted (Feature #2021: doc: sha256 filesum extraction missing in documentation)
Updated by Victor Julien about 3 years ago
- Related to Task #4762: Suricon 2021 brainstorm added
Updated by Victor Julien over 2 years ago
- Related to Feature #4174: tracking: app-layer frame inspection support added
Updated by Jason Ish almost 2 years ago
- Related to Feature #5642: DNS: parity between log fields and detection added
Updated by Philippe Antoine almost 2 years ago
My next thing here is to look into the schema.json for integers where there are no signature keywords, starting with flow.nbpackets or such (as I did flow.age last)
Updated by Philippe Antoine over 1 year ago
- Related to Feature #6164: rules: allow matching on flow pkts and bytes added
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Feature #5234: SSL/TLS Sticky Buffer for subjectAltName added
Updated by Juliana Fajardini Reichow about 1 year ago
Added #5234 as related as it seems that we parse and log the info, but it's not accessible to the rule language.
Updated by Philippe Antoine 12 months ago
- Related to Task #6443: Suricon 2023 brainstorm added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Task #6473: detect: smtp keyword coverage added
Updated by Juliana Fajardini Reichow 12 months ago
- Related to Feature #4876: Additional FTP Buffers added
Updated by Juliana Fajardini Reichow 11 months ago
- Related to Task #6463: eve/output: investigate how to track coverage / parity added
Updated by Juliana Fajardini Reichow 11 months ago
- Related to Story #6597: rules: improve rules keyword/output parity added
Updated by Victor Julien 7 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 5 months ago
@Jason Ish has a script to dump all the eve fields. Perhaps we can use it to map them to rule keywords/buffers.
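The kind of parity check this task is after, as an added example (this is not Jason Ish's script nor any Suricata tooling): walk an eve `schema.json` of the shape Suricata ships in `etc/`, flatten every leaf property to its dotted eve path, and list the fields for which no rule keyword of the same name exists. The schema and the keyword listing below are constructed, abbreviated samples; the `- name` line format assumed for `suricata --list-keywords` output, the hand-maintained alias table (`dns.query` inspecting the `dns.rrname` field) and the underscore-insensitive name comparison are all assumptions that a real run would need to confirm against the installed version. The `only_types` filter reproduces the "integers with no keyword" sweep mentioned earlier in this thread.

```python
"""Added example, not Suricata's own code: report eve fields with no matching
rule keyword by flattening a schema.json and comparing names."""
import json

# Constructed sample shaped like Suricata's etc/schema.json (JSON Schema with
# nested "properties"); the real file is far larger.
SAMPLE_SCHEMA = json.loads("""
{
  "type": "object",
  "properties": {
    "flow": {"type": "object", "properties": {
      "age": {"type": "integer"},
      "pkts_toserver": {"type": "integer"},
      "pkts_toclient": {"type": "integer"},
      "bytes_toserver": {"type": "integer"},
      "state": {"type": "string"}}},
    "tls": {"type": "object", "properties": {
      "subject": {"type": "string"},
      "issuerdn": {"type": "string"},
      "sni": {"type": "string"},
      "version": {"type": "string"},
      "subjectaltname": {"type": "array", "items": {"type": "string"}}}},
    "dns": {"type": "object", "properties": {
      "rrname": {"type": "string"},
      "rrtype": {"type": "string"},
      "id": {"type": "integer"},
      "answers": {"type": "array", "items": {"type": "object", "properties": {
        "rrname": {"type": "string"},
        "ttl": {"type": "integer"}}}}}}
  }
}
""")

# Constructed sample in the assumed shape of `suricata --list-keywords`
# output: a banner line followed by one "- name" line per keyword.
SAMPLE_KEYWORD_LISTING = """\
=====Supported keywords=====
- tls.subject
- tls.issuerdn
- tls.sni
- tls.version
- dns.query
- flow.age
"""

# Assumed, hand-maintained alias table: keyword name -> eve field it inspects,
# for the cases where the two names differ.
KEYWORD_ALIASES = {"dns.query": "dns.rrname"}


def parse_keyword_listing(text):
    """Return keyword names from --list-keywords style text ("- name" lines)."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("- "):
            names.append(line[2:].strip())
    return names


def flatten_schema(schema, prefix=""):
    """Yield (dotted eve path, JSON type) for every leaf property, descending
    through nested objects and through arrays whose items are objects."""
    for name, spec in schema.get("properties", {}).items():
        path = f"{prefix}.{name}" if prefix else name
        kind = spec.get("type")
        items = spec.get("items")
        if kind == "object" and "properties" in spec:
            yield from flatten_schema(spec, path)
        elif kind == "array" and isinstance(items, dict) and "properties" in items:
            yield from flatten_schema(items, path)
        else:
            yield path, kind


def normalize(name):
    """Assumption: names match case-insensitively and ignoring underscores."""
    return name.lower().replace("_", "")


def find_uncovered(schema, keywords, aliases=KEYWORD_ALIASES, only_types=None):
    """Return sorted (path, type) pairs for leaf fields no keyword covers,
    optionally restricted to the given JSON types, e.g. {"integer"}."""
    covered = {normalize(k) for k in keywords}
    covered |= {normalize(aliases[k]) for k in keywords if k in aliases}
    result = []
    for path, kind in flatten_schema(schema):
        if only_types and kind not in only_types:
            continue
        if normalize(path) not in covered:
            result.append((path, kind))
    return sorted(result)


if __name__ == "__main__":
    kws = parse_keyword_listing(SAMPLE_KEYWORD_LISTING)
    for path, kind in find_uncovered(SAMPLE_SCHEMA, kws):
        print(f"{path:<28} {kind}")
```

Run against a real install, the inputs would be `etc/schema.json` from the source tree and the output of `suricata --list-keywords`; the alias table is the part that needs care, since a keyword whose name does not equal its field path (or which inspects several fields) will otherwise show up as a false "uncovered" entry.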
Updated by Victor Julien 4 months ago
- Related to Feature #7100: smb: additional keywords added
Updated by Victor Julien 4 months ago
- Target version changed from 8.0.0-beta1 to TBD