Optimization #7304
open
Better support multi-protocol keywords
Description
Have a rule like
alert ip any any -> any any (sid: 1; file.data; content: "toto"; ja3.hash; content: "abcdef0123456789abcdef0123456789";)
failing to load
Currently, multi-protocol keywords are:
- DCERPC/SMB stuff
- JA3/JA4 for quic/tls
- file keywords
- HTTP/1 HTTP/2 somehow
DoH2 does not have this...
Updated by Philippe Antoine about 1 month ago
- Status changed from New to In Review
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine about 1 month ago
- Related to Task #5053: app-layer: dynamic alproto IDs added
Updated by Philippe Antoine 8 days ago
I think DCERPC over SMB and DNS over HTTP are the same logically, even if not in Suricata code...