Add flowbits feature from Snort/Suricata #17

Open
Xumeiquer opened this issue Sep 17, 2020 · 0 comments

Adding this feature will allow MoleIDS to detect multi-phase attacks.

It could be implemented by adding a new entry in the meta section, for example:

rule dummy {
    meta:
        // ...
        flowbits = "set:variable, isset:variable, unset:variable"
    // ...
}

The meta entry flowbits will be a comma-separated string with key:value options. The key will be the operation against the flowbits and the value will be the variable where the action takes effect.

It will also be possible to reuse operations, like set:var1, set:var2.

@Xumeiquer Xumeiquer added the enhancement New feature or request label Sep 17, 2020
@Xumeiquer Xumeiquer self-assigned this Sep 17, 2020
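
One way the proposed flowbits meta value could be parsed and evaluated per flow, as an added example in Go that is not MoleIDS code and not part of the original issue. The names Op, ParseFlowbits, Apply and login_seen are hypothetical, and the evaluation order (every isset checked before set/unset take effect) is an assumption modelled on Snort/Suricata flowbits.

```go
package main

import (
	"fmt"
	"strings"
)

type Op struct{ Action, Var string } // one "operation:variable" pair

// ParseFlowbits splits the comma-separated value; only set/isset/unset pass.
func ParseFlowbits(meta string) ([]Op, error) {
	var ops []Op
	for _, item := range strings.Split(meta, ",") {
		action, name, ok := strings.Cut(strings.TrimSpace(item), ":")
		action, name = strings.TrimSpace(action), strings.TrimSpace(name)
		if !ok || name == "" {
			return nil, fmt.Errorf("malformed flowbits option %q", item)
		}
		if action != "set" && action != "isset" && action != "unset" {
			return nil, fmt.Errorf("unknown flowbits operation %q", action)
		}
		ops = append(ops, Op{action, name})
	}
	return ops, nil
}

// Apply reports whether the rule may fire on a flow with the given bits.
// Assumed semantics: every isset must hold first; only then do set/unset run.
func Apply(ops []Op, bits map[string]bool) bool {
	for _, op := range ops {
		if op.Action == "isset" && !bits[op.Var] {
			return false
		}
	}
	for _, op := range ops {
		if op.Action == "set" {
			bits[op.Var] = true
		} else if op.Action == "unset" {
			delete(bits, op.Var)
		}
	}
	return true
}

func main() {
	bits := map[string]bool{} // constructed state for a single flow
	phase1, _ := ParseFlowbits("set:login_seen")
	phase2, _ := ParseFlowbits("isset:login_seen, unset:login_seen")
	fmt.Println(Apply(phase2, bits), Apply(phase1, bits), Apply(phase2, bits))
}
```

The second-phase rule is suppressed until the first-phase rule has set the variable on the same flow, which is what lets a two-rule chain describe a multi-phase attack.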