Project

General

Profile

Actions
Copy link

Feature #3549

closed

Add MQTT parser

Added by Sascha Steinbiss about 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Sascha Steinbiss
Target version:
6.0.0beta1
Effort:
Difficulty:
Label:
Protocol

Description

It would probably be useful if Suricata had more support for IoT related protocols, such as MQTT. Zeek has support for that (https://docs.zeek.org/en/current/scripts/policy/protocols/mqtt/main.zeek.html) and it seems to be used in some popular contexts, such as The Things Network.

Both detailed logging (to gather information about communicating parties and publisher/subscriber relationships, potentially allowing to implement anomaly detection on top of that) and indicator based detection (via rules) would be needed to gain visibility into such network activity.

Actions
Copy link
 #1

Updated by Jason Ish about 4 years ago

  • Status changed from New to In Review
Actions
Copy link
 #2

Updated by Victor Julien almost 4 years ago

  • Assignee set to Sascha Steinbiss
  • Target version set to 6.0.0beta1
Actions
Copy link
 #3

Updated by Victor Julien over 3 years ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF