Actions
Documentation #4980
openFeature #4174: tracking: app-layer frame inspection support
doc/frames: document frame rule keyword
Affected Versions:
Effort:
Difficulty:
Label:
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from Assigned to In Progress
Updated by Juliana Fajardini Reichow over 2 years ago
PR for review: https://github.com/OISF/suricata/pull/6927
Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Documentation #4705: userguide: add sections about frame support added
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien about 2 years ago
- Assignee changed from Juliana Fajardini Reichow to Victor Julien
Updated by Juliana Fajardini Reichow almost 2 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Juliana Fajardini Reichow over 1 year ago
- Tracker changed from Feature to Documentation
- Target version changed from 7.0.0-rc2 to 7.0.0
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0 to 7.0.1
Updated by Victor Julien about 1 year ago
- Assignee changed from Victor Julien to OISF Dev
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.1 to 7.0.2
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.2 to 7.0.3
Updated by Victor Julien 12 months ago
- Target version changed from 7.0.3 to 8.0.0-beta1
Updated by Philippe Antoine about 2 months ago
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
Juliana, what is left to do here ? There is already some doc...
Updated by Juliana Fajardini Reichow about 2 months ago
I got stuck back then when trying to create good frame rules, as we wanted to have good examples, then other tasks with higher priority got in the way.
I think we could/should try to get an initial version of docs in, and then add a ticket to improve rule examples etc. Mauybe I could take from where I left here (cf https://github.com/OISF/suricata/pull/7059#issuecomment-1176179128) and try to get said first version merged...
Better having something, than barely anything.
Actions