Suricata

some ability to replicate this detection logic in datasets is key for supporting IOC based detection via datasets instead to typical content based rules.

using dns.query as an exampleO:

dns.query; dotprefix; content:".google.com"; endswith;

directly related to #5639, though if the implementation of the PSL (as seen within https://github.com/OISF/suricata/pull/8155) is a blocker i'd be fine without having that feature implemented.