Task #5050: rules/frames: settle on rule syntax - Suricata - Open Information Security Foundation

Actions

Copy link

Task #5050

open

Feature #4174: tracking: app-layer frame inspection support

rules/frames: settle on rule syntax

Added by Victor Julien over 2 years ago. Updated about 2 years ago.

Status:

Assigned

Priority:

Normal

Assignee:

Victor Julien

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Currently frames are accessed through a frames keyword. We could also allow using the frame names directly in rules, like alert sip ... (request_line; content:"REGISTER"; ...). This needs more thought about how it ties in to other rule syntax.

See also https://github.com/OISF/suricata/pull/6915/commits/ae71c5813fd77d22a5e03b71b1012d670b13b698

Related issues 2 (2 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

	Related to Suricata - Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature	New	OISF Dev				Actions
	Related to Suricata - Documentation #4705: userguide: add sections about frame support	New	Victor Julien				Actions

Project

General

Profile

Suricata

Custom queries

Task #5050

rules/frames: settle on rule syntax

Updated by Juliana Fajardini Reichow over 2 years ago

Updated by Juliana Fajardini Reichow over 2 years ago

Updated by Victor Julien about 2 years ago