Feature #6396
closedrules: add protocol string support for mqtt
Description
we would like the ability to sig on the protocol string content on mqtt traffic. The key/value is currently being logged:
"mqtt":{"connect":{"qos":0,"retain":false,"dup":false,"protocol_string":"MQIsdp","protocol_version":3,"client_id":"<snipped>
So something like mqtt.protocol_string would be great.
JT Updated by Jason Taylor over 2 years ago
When looking at the mqtt sources, I noticed what are probably the remnants from a copy/paste in detect-mqtt-type.c:
/**
* \brief Registration function for ipopts: keyword
*/
Totally a minor thing of course just figured a fixup could go in with this tickets main work
SS Updated by Sascha Steinbiss over 2 years ago
- Status changed from New to In Progress
- Label C, Needs Suricata-Verify test, Rust added
SS Updated by Sascha Steinbiss over 2 years ago
Jason Taylor wrote in #note-1:
When looking at the mqtt sources, I noticed what are probably the remnants from a copy/paste in detect-mqtt-type.c:
/**
- \brief Registration function for ipopts: keyword
*/Totally a minor thing of course just figured a fixup could go in with this tickets main work
True, will include that in the PR. Thanks for spotting this!
SS Updated by Sascha Steinbiss over 2 years ago
- Status changed from In Progress to In Review
PA Updated by Philippe Antoine over 2 years ago
- Target version changed from TBD to 8.0.0-beta1
PA Updated by Philippe Antoine over 2 years ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien about 1 year ago
- Subject changed from Add protocol string support for mqtt to rules: add protocol string support for mqtt