Task #5893
Updated by Victor Julien almost 2 years ago
It's come up several times that it would be helpful for Suricata to understand file types better for classification and deeper analysis.
Currently Suricata for the most part treats files as binary blobs. The only deeper inspection is through file.magic, which has several issues limiting its usefulness.
Making Suricata more aware of files and their content and structure will be a significant project.
The goal of this ticket is to track the various ideas that are related to this broad topic.