Missing keywords for ET OPEN #53

Closed
duanehoward opened this issue Oct 18, 2019 · 1 comment · Fixed by #59

Comments

@duanehoward
Collaborator

After processing ET OPEN with trojan.rules, web_specific_apps.rules and current _events.rules, I've identified support gaps for the following missing keywords:

68 stream_size
10 itype
10 icode
3 flags
2 ssl_version
1 rawbytes
1 icmp_id

So, we're pretty close to complete support for ET OPEN. A few gaps to fill.

@duanehoward
Collaborator Author

After trying to parse the entire ET OPEN set we still miss the following keywords. Many of them can probably just be handled as tags.

19 ip_proto
17 window
17 fragbits
14 ack
10 asn1
8 id
4 detection_filter
3 ttl
3 ipopts
2 ssh.softwareversion
2 seq
1 sameip
1 ftpbounce
1 fragoffset
1 dce_iface
1 app-layer-protocol
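
One way to produce a keyword tally like the two lists above, as an added example that is not the project's own code or the method the issue author used. The `SUPPORTED` set is a hypothetical stand-in for a parser's handled keywords, and the sample rules are constructed rather than taken from ET OPEN.

```python
from collections import Counter

# Assumed subset of keywords a parser already handles (hypothetical, not the project's list).
SUPPORTED = {"msg", "flow", "content", "sid", "rev"}

# Constructed sample rules, not taken from ET OPEN.
SAMPLE_RULES = [
    'alert icmp any any -> any any (msg:"constructed; echo"; itype:8; icode:0; icmp_id:0; sid:1; rev:1;)',
    'alert tcp any any -> any any (msg:"constructed"; flow:established; stream_size:server,<,5; flags:S; sid:2; rev:1;)',
    'alert tcp any any -> any 443 (msg:"constructed"; content:"a\\;b"; stream_size:client,>,0; ssl_version:sslv2; sid:3; rev:1;)',
    "# comment line, skipped",
]

def split_options(body):
    """Split an option body on ';', ignoring ';' inside quotes or after a backslash."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            opts.append("".join(cur).strip())
            cur = []
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == "\\") and not escaped
        cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o]

def option_keywords(rule):
    """Return the option keyword names of one rule line ([] for comments and blanks)."""
    rule = rule.strip()
    start, end = rule.find("("), rule.rfind(")")
    if not rule or rule.startswith("#") or start == -1 or end <= start:
        return []
    return [o.split(":", 1)[0].strip() for o in split_options(rule[start + 1:end])]

def missing_keywords(rules, supported=SUPPORTED):
    """Count keywords outside `supported`, most frequent first."""
    counts = Counter(k for r in rules for k in option_keywords(r) if k not in supported)
    return counts.most_common()

if __name__ == "__main__":
    for keyword, count in missing_keywords(SAMPLE_RULES):
        print(f"{count:4d} {keyword}")
```

Splitting naively on `;` would miscount rules whose `msg` or `content` values contain a quoted or escaped semicolon, which is why the splitter tracks quote and escape state.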
