Feature #5082
closed
smb: keyword for matching the SMB files
Added by Eloy Pérez over 2 years ago.
Updated 7 months ago.
Description
It would be nice to have a keyword that allows matching the filenames that are being accessed/created through SMB create requests.
- Status changed from New to In Review
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
- Status changed from In Review to New
- Assignee changed from Eloy Pérez to Community Ticket
- Assignee changed from Community Ticket to Jason Taylor
Looking at this ticket again and the functionality, it seems like the desired functionality is available from the file.name keyword today. I tested the suricata-verify tests that were created along with the pull request and those pcaps fire the expected alerts using file.name.
What are the thoughts around continuing this work?
- Status changed from New to Resolved
- Status changed from Resolved to Closed