Project

General

Profile

Actions
Copy link

Bug #2060

closed

lua rules not compatible with new tls_* keywords

Added by Eric Leblond about 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

By running suricata on the provided pcap and rules, we have alerts with the signature with SID 1.

suricata -r tls.pcap -k none -l log/ -S tls-no-lua.rules

When using the second signature in the file (using the old style tls.subject keyword), then we have no alert.

Files

Download all files
no.lua (169 Bytes) no.lua Eric Leblond, 03/09/2017 04:58 AM
tls-no-lua.rules (191 Bytes) tls-no-lua.rules Eric Leblond, 03/09/2017 04:58 AM
tls.pcap (184 KB) tls.pcap Eric Leblond, 03/09/2017 04:58 AM
Actions
Copy link

Also available in: Atom PDF