OISF brainstorming: planning phase 3 (take 3)


The idea is to add a keyword that interacts with a GeoIP database (a free one at least) and can be used to detect things like control channels. For example, an IRC server in an uncommon country is certainly a control channel.
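A sketch of the detection logic such a keyword would enable, as an added example that is not Suricata or OISF code. The prefix table stands in for a GeoIP database, and `country_of`, `match_geoip`, `suspicious_irc`, the country codes and the flow records are all constructed for illustration.

```python
import ipaddress

# Constructed stand-in for a GeoIP database: prefix -> country code.
# Prefixes are RFC 5737 documentation ranges; the country codes are made up.
GEO_TABLE = {
    "192.0.2.0/24": "FR",
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "ZZ",
    "203.0.113.128/25": "YY",
}
# Most specific prefix first, so the first hit is the longest match.
_NETS = sorted(((ipaddress.ip_network(p), cc) for p, cc in GEO_TABLE.items()),
               key=lambda e: e[0].prefixlen, reverse=True)

def country_of(ip):
    """Longest-prefix lookup; None when the address is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _NETS:
        if addr in net:
            return cc
    return None

def match_geoip(flow, direction, countries, negate=False):
    """Hypothetical keyword semantics: does the endpoint's country fall in
    the set (or, with negate, outside it)?"""
    cc = country_of(flow[direction])
    if cc is None:
        return False  # an unknown location never matches, in either form
    return (cc in countries) != negate

def suspicious_irc(flows, expected):
    """IRC flows whose server sits outside the expected countries."""
    return [f for f in flows
            if f["proto"] == "irc"
            and match_geoip(f, "dst", expected, negate=True)]

# Constructed flow records (proto as reported by protocol detection).
FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "irc"},
    {"src": "192.0.2.11", "dst": "203.0.113.5", "proto": "irc"},
    {"src": "192.0.2.12", "dst": "203.0.113.200", "proto": "http"},
    {"src": "192.0.2.13", "dst": "10.0.0.5", "proto": "irc"},
]

if __name__ == "__main__":
    for f in suspicious_irc(FLOWS, {"FR", "US"}):
        print("alert: IRC server in", country_of(f["dst"]), "at", f["dst"])
```

Addresses missing from the database are deliberately not treated as "uncommon country", so private or unmapped ranges do not raise alerts on their own.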

Live ruleset swap

A must-have! This is vital for critical environments. It is very costly in memory, so it should be an option, to avoid exhausting low-memory boxes.

Qosmos integration / API for data exchange

Bringing in protocol analysis is an interesting point, as it will help increase the performance and accuracy of the engine. Knowing the protocol makes it possible to run only the rules related to that protocol on flows of that protocol. This also avoids false detections caused by running rules on the wrong protocol. Integration of OpenDPI and Qosmos technology is discussed. A common API is needed to be able to use both systems.

Global shared flowvars

Global flow variables will change the way we build rules. No longer being constrained to stream variables will increase the power of rules.

Host/app/OS table import

The idea is to load host types from a file, to be able to tune the host settings precisely.

IPFIX support

IPFIX support as input or output could bring some advantages.


Matt Jonkman and Victor Julien will now summarize the input and publish the planned features for phase 3 on the OISF website, based on the discussion that has been held about the priority of the tasks.
