Feature #6396: rules: add protocol string support for mqtt - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6396

closed

rules: add protocol string support for mqtt

Added by Jason Taylor over 1 year ago. Updated 5 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Sascha Steinbiss

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

C, Needs Suricata-Verify test, Rust

Description

we would like the ability to sig on the protocol string content on mqtt traffic. The key/value is currently being logged:

"mqtt":{"connect":{"qos":0,"retain":false,"dup":false,"protocol_string":"MQIsdp","protocol_version":3,"client_id":"<snipped>

So something like mqtt.protocol_string would be great.

Updated by Sascha Steinbiss over 1 year ago

Status changed from New to In Progress
Label C, Needs Suricata-Verify test, Rust added

Updated by Sascha Steinbiss over 1 year ago

Status changed from In Progress to In Review

Updated by Philippe Antoine over 1 year ago

Target version changed from TBD to 8.0.0-beta1

Updated by Philippe Antoine over 1 year ago

Status changed from In Review to Closed

Updated by Victor Julien 5 days ago

Subject changed from Add protocol string support for mqtt to rules: add protocol string support for mqtt

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Suricata

Feature #6396

rules: add protocol string support for mqtt

Updated by Jason Taylor over 1 year ago

Updated by Sascha Steinbiss over 1 year ago

Updated by Sascha Steinbiss over 1 year ago

Updated by Sascha Steinbiss over 1 year ago

Updated by Sascha Steinbiss over 1 year ago

Updated by Philippe Antoine over 1 year ago

Updated by Philippe Antoine over 1 year ago

Updated by Victor Julien 5 days ago