Thanks for open-sourcing this project. We have used Tulip during a CTF with a few patches of our own that we'd now like to contribute back into the original project.
This pull request adds the option to 'exclude' traffic in the flowlist based on tags. In the intersection filter, users can click a tag once to alter it from a disabled to an included state (where traffic must have this tag to be listed in the flowlist), and again to alter it to an excluded state. For a tag in excluded state, a flow must not have this tag in order to be eligible for the flowlist.
This is especially useful in conjunction with pull request #25 that allows one to more easily tag traffic that might not be interesting. See the included screenshots for an example. Moreover, if you're using Suricata as an IPS, you can also exclude based on the 'Blocked' tag and ignore all the traffic that you're rejecting anyway.
Screenshots
No tags included or excluded:
Including some tags while excluding others:
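The three-state tag filter described in this pull request, sketched as an added example (not code from the pull request or from Tulip). The names `TagState`, `clickTag` and `filterFlows`, the `suspicious` tag, the sample flows, and the assumption that a third click returns a tag to the disabled state are all hypothetical.

```javascript
// Added illustration: hypothetical names, not Tulip's own implementation.
const TagState = Object.freeze({
  DISABLED: "disabled",
  INCLUDED: "included",
  EXCLUDED: "excluded",
});

// One click advances a tag: disabled -> included -> excluded.
// Assumption: a further click returns it to disabled.
function nextState(state) {
  if (state === TagState.DISABLED) return TagState.INCLUDED;
  if (state === TagState.INCLUDED) return TagState.EXCLUDED;
  return TagState.DISABLED;
}

// Returns a new filter (Map of tag -> state); disabled tags are not stored.
function clickTag(filter, tag) {
  const updated = new Map(filter);
  const next = nextState(filter.get(tag) ?? TagState.DISABLED);
  if (next === TagState.DISABLED) updated.delete(tag);
  else updated.set(tag, next);
  return updated;
}

// A flow is listed only if it has every included tag and no excluded tag.
function matchesFilter(flow, filter) {
  const tags = new Set(flow.tags);
  for (const [tag, state] of filter) {
    if (state === TagState.INCLUDED && !tags.has(tag)) return false;
    if (state === TagState.EXCLUDED && tags.has(tag)) return false;
  }
  return true;
}

function filterFlows(flows, filter) {
  return flows.filter((flow) => matchesFilter(flow, filter));
}

// Constructed sample flows; "Blocked" is the tag named in the description.
const sampleFlows = [
  { id: 1, tags: ["suspicious"] },
  { id: 2, tags: ["suspicious", "Blocked"] },
  { id: 3, tags: ["Blocked"] },
  { id: 4, tags: [] },
];
```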