Project

General

Profile

Actions

Feature #2939

open

Suricata enhancements - proposals

Added by Michal Vymazal over 3 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

My first proposals for suricata plugins enhancement - TLS/SSL. At this moment moloch shows only TLS version, negotiated cipher and some certificate data.
(Screenshot_20190301_122822.png)

My first proposal is to show also the Diffie-Hellman server parameters, named curve, public key, signature algorithm, signature hash algorithm hash, signature hash algorithm signature and signature length.
(signal-Screenshot_20190327_211955.png, signal-Screenshot_20190327_212101.png)

I hope - this will be usable also for SSH, IKEv1, IKEv2 and IKEv3 handshake.
(IKEv1-main-Screenshot_20190424_174215.png, IKEv2_SA_INIT_Screenshot_20190424_174651.png, elasticsearch-sshv2.pdf)


Files

Actions

Also available in: Atom PDF