Feature #7097: Additions to flow detection - size - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7097

closed

Additions to flow detection - size

Added by Peter Manev 5 months ago. Updated 4 months ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

It will be good for detection if we can have a way of highlighting

It would be nice to be able to alert on big SSH/RDP/TLS etc , flows regardless of what the stream depth is set to be.
Of course this can be done in a SIEM search via the suricata event_type flow logs, but a possibility to generate an alert goes a long way in giving flexibility to the blue team/defenders.
This can be useful in many ways, especially in housekeeping / policy violations types of scenarios but also exfiltration detection and other.

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7097

Additions to flow detection - size

Updated by Victor Julien 5 months ago

Updated by Peter Manev 5 months ago

Updated by Philippe Antoine 4 months ago

Updated by Philippe Antoine 4 months ago