Project

General

Profile

Actions
Copy link

Feature #7097

closed

Additions to flow detection - size

Added by Peter Manev 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

It will be good for detection if we can have a way of highlighting

It would be nice to be able to alert on big SSH/RDP/TLS etc , flows regardless of what the stream depth is set to be.
Of course this can be done in a SIEM search via the suricata event_type flow logs, but a possibility to generate an alert goes a long way in giving flexibility to the blue team/defenders.
This can be useful in many ways, especially in housekeeping / policy violations types of scenarios but also exfiltration detection and other.

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #5646: rules: allow matching on flow pkts and bytes in either directionIn ReviewShivani BhardwajActions
Actions
Copy link
 #1

Updated by Victor Julien 5 months ago

  • Status changed from New to Feedback

What else do you need than the things already in #6164?

Actions
Copy link
 #3

Updated by Philippe Antoine 4 months ago

  • Related to Feature #5646: rules: allow matching on flow pkts and bytes in either direction added
Actions
Copy link
 #4

Updated by Philippe Antoine 4 months ago

  • Status changed from Feedback to Closed

Duplicate of #5646 then

Actions
Copy link

Also available in: Atom PDF