Actions
Feature #6396
closedAdd protocol string support for mqtt
Effort:
Difficulty:
Label:
C, Needs Suricata-Verify test, Rust
Description
we would like the ability to sig on the protocol string content on mqtt traffic. The key/value is currently being logged:
"mqtt":{"connect":{"qos":0,"retain":false,"dup":false,"protocol_string":"MQIsdp","protocol_version":3,"client_id":"<snipped>
So something like mqtt.protocol_string would be great.
Actions