Actions
Bug #2060
closedlua rules not compatible with new tls_* keywords
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
By running suricata on the provided pcap and rules, we have alerts with the signature with SID 1.
suricata -r tls.pcap -k none -l log/ -S tls-no-lua.rules
When using the second signature in the file (using the old style tls.subject keyword), then we have no alert.
Files
Actions