Actions
Feature #3549
closed
SS
SS
Add MQTT parser
Feature #3549:
Add MQTT parser
Effort:
Difficulty:
Label:
Protocol
Description
It would probably be useful if Suricata had more support for IoT related protocols, such as MQTT. Zeek has support for that (https://docs.zeek.org/en/current/scripts/policy/protocols/mqtt/main.zeek.html) and it seems to be used in some popular contexts, such as The Things Network.
Both detailed logging (to gather information about communicating parties and publisher/subscriber relationships, potentially allowing to implement anomaly detection on top of that) and indicator based detection (via rules) would be needed to gain visibility into such network activity.
JI Updated by Jason Ish almost 6 years ago
- Status changed from New to In Review
Initial pull request: https://github.com/OISF/suricata/pull/4733
VJ Updated by Victor Julien almost 6 years ago
- Assignee set to Sascha Steinbiss
- Target version set to 6.0.0beta1
VJ Updated by Victor Julien over 5 years ago
- Status changed from In Review to Closed
Actions