OISF brainstorming: planning phase 3 (take 3)

GEO IP

The idea is to add a keyword that interacts with a GeoIP database (at least a free one) so that rules can use it to detect things like control channels. For example, an IRC server in an uncommon country is certainly a control channel.
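The check described above, sketched as an added example that is not part of the original post or of the OISF engine: the GeoIP table, the flow records, the `app_proto` field and the placeholder country code `ZZ` are all constructed for illustration. It resolves each IRC server address by longest-prefix match and reports flows whose server sits outside an expected country list.

```python
import ipaddress

# Constructed GeoIP table (CIDR -> country code), documentation ranges only.
# A real deployment would load a GeoIP database instead.
GEOIP_TABLE = [
    ("192.0.2.0/24", "FR"),
    ("198.51.100.0/24", "US"),
    ("203.0.113.0/24", "ZZ"),    # placeholder for an "uncommon" country
    ("203.0.113.128/25", "DE"),  # more specific prefix overrides the /24
]
# Most specific prefixes first, so the first hit is the longest match.
NETWORKS = sorted(
    ((ipaddress.ip_network(cidr), cc) for cidr, cc in GEOIP_TABLE),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)

def country_of(ip):
    """Return the country code for ip, or None if the table has no entry."""
    addr = ipaddress.ip_address(ip)
    for net, cc in NETWORKS:
        if addr in net:
            return cc
    return None

def suspicious_irc_flows(flows, expected_countries):
    """Report IRC flows whose server is outside the expected countries."""
    alerts = []
    for flow in flows:
        if flow["app_proto"] != "irc":  # rule only applies to IRC flows
            continue
        cc = country_of(flow["dst_ip"])
        # Policy choice: an address with no GeoIP entry (None) is reported
        # too, since its location cannot be confirmed as expected.
        if cc not in expected_countries:
            alerts.append((flow["src_ip"], flow["dst_ip"], cc))
    return alerts

# Constructed flow records (client -> server).
FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "dst_port": 6667, "app_proto": "irc"},
    {"src_ip": "10.0.0.7", "dst_ip": "203.0.113.20", "dst_port": 6667, "app_proto": "irc"},
    {"src_ip": "10.0.0.7", "dst_ip": "203.0.113.200", "dst_port": 8080, "app_proto": "irc"},
    {"src_ip": "10.0.0.9", "dst_ip": "203.0.113.21", "dst_port": 80, "app_proto": "http"},
    {"src_ip": "10.0.0.4", "dst_ip": "100.64.0.1", "dst_port": 6667, "app_proto": "irc"},
]

if __name__ == "__main__":
    for alert in suspicious_irc_flows(FLOWS, {"FR", "US", "DE"}):
        print("IRC server in unexpected country:", alert)
```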

Live ruleset swap

A must-have! This is vital for critical environments. It is very costly in memory, so it should be optional to avoid exhausting low-memory boxes.

Qosmos integration / API for data exchange

Bringing in protocol analysis is an interesting point, as it will help increase the performance and accuracy of the engine. Knowing the protocol makes it possible to run only the rules related to that protocol on flows of that protocol, which also avoids false detections caused by running rules against the wrong protocol. Integration of OpenDPI and Qosmos technology is discussed. A common API is needed to be able to use both systems.

Global shared flowvars

Global flow variables will change the way we build rules. No longer being constrained to stream variables will increase the power of rules.

Host/app/OS table import

The idea is to load host types from a file so that host settings can be tuned precisely.

IPFIX support

IPFIX support as input or output could bring some advantages.

Conclusion

Matt Jonkman and Victor Julien will now summarize the input and publish the planned features for phase 3 on the OISF website, based on the discussion held about the priority of the tasks.

2 thoughts on “OISF brainstorming: planning phase 3 (take 3)”

  1. Your style is so unique in comparison to other people I’ve read
    stuff from. Thank you for posting when you have the opportunity. Guess I will just bookmark
    this web site.

  2. I think what you composed was actually very reasonable.
    But, think about this, what if you were to create an awesome title?
    I am not suggesting your content is not good, however suppose you added a post
    title to maybe grab a person’s attention? I mean OISF brainstorming: planning
    phase 3 (take 3) – To Linux and beyond ! is a little vanilla.

    You should glance at Yahoo’s home page and watch how they create post titles to grab viewers to
    open the links. You might try adding a video or a pic or two to get readers excited about what you’ve written. In my opinion, it would
    make your posts a little bit more interesting.
