new tls.random keyword
While updating some older TLS sigs in the ET Ruleset which do not make use of existing suricata buffers, I came across this a signature which detects malware using a hard-coded TLS request, specifically leveraging the first four bytes of the client random representing the GMT Unix Time.
Until this buffer is added, I am unable to fully convert the use to making use of buffers.
I see this is mentioned in https://redmine.openinfosecfoundation.org/issues/1766 and documented in https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS_keyword_expansion. However that issue is nondiscrete in it's asks.