Project

General

Profile

Actions
Copy link

Feature #5639

closed
EL EL

datasets: allow matching on extracted domain

Feature #5639: datasets: allow matching on extracted domain

Added by Eric Leblond over 3 years ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

When matching on tls.sni or http.host, it is convenient to match on the domain name inside the value instead of matching on the full value. If endswith can be used for one domain in one signature using dataset would be more useful.

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #5681: datasets: add more transform layers to match on domainsFeedbackCommunity TicketActions
Related to Suricata - Feature #6802: Support Domain rollup using existing dataset libraryFeedbackOISF DevActions
Actions
Copy link

Also available in: PDF Atom