Feature #5639: Allow dataset to match on extracted domain - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5639

open

Allow dataset to match on extracted domain

Added by Eric Leblond 3 months ago.

Status:

In Review

Priority:

Normal

Assignee:

Eric Leblond

Target version:

TBD

Effort:

Difficulty:

Label:

Description

When matching on tls.sni or http.host, it is convenient to match on the domain name inside the value instead of matching on the full value. If endswith can be used for one domain in one signature using dataset would be more useful.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Victor Julien 3 months ago

Related to Feature #5681: datasets: add more transform layers to match on domains added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5639

Allow dataset to match on extracted domain

Updated by Victor Julien 3 months ago