Actions
Feature #5516
closedtls: client cert detection
Effort:
Difficulty:
Label:
Description
Update various cert detection keywords to support client certs.
Actions
Added by Victor Julien about 3 years ago. Updated almost 3 years ago.
Description
Update various cert detection keywords to support client certs.
These already check the client cert (depending on direction)
- tls.subject
- tls.issuerdn
- tls.fingerprint
- tls_cert_notbefore
- tls_cert_notafter
- tls_cert_expired
- tls_cert_valid
These do not check the client cert and require update:
- tls.cert_fingerprint
- tls.cert_issuer
- tls.certs
- tls.cert_serial
- tls.cert_subject
Not sure about
- tls.store
Merged through https://github.com/OISF/suricata/pull/8314