https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022013-01-14T06:48:45ZOpen Information Security FoundationSuricata - Feature #713: tls.fingerprint - file usagehttps://redmine.openinfosecfoundation.org/issues/713?journal_id=27052013-01-14T06:48:45ZVictor Julienvictor@inliniac.net
<ul><li><strong>Target version</strong> set to <i>TBD</i></li></ul><p>Would be nice to have.</p> Suricata - Feature #713: tls.fingerprint - file usagehttps://redmine.openinfosecfoundation.org/issues/713?journal_id=60142016-01-01T18:16:05ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>OISF Dev</i></li></ul> Suricata - Feature #713: tls.fingerprint - file usagehttps://redmine.openinfosecfoundation.org/issues/713?journal_id=117782019-04-08T12:14:51ZVictor Julienvictor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed parent" href="/issues/2318">Feature #2318</a>: matching on large amounts of data with dynamic updates</i> added</li></ul> Suricata - Feature #713: tls.fingerprint - file usagehttps://redmine.openinfosecfoundation.org/issues/713?journal_id=134862019-09-05T07:55:40ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Victor Julien</i></li><li><strong>Target version</strong> changed from <i>TBD</i> to <i>5.0rc1</i></li></ul><p>TLS fingerprint:</p>
<p>Blacklist:<br /><pre>
alert tls any any -> any any (tls.cert_fingerprint; dataset:isset,bad_tls_certs, load bad_tls_certs.rep, type string; sid:3;)
</pre></p>
<p>Reputation:<br /><pre>
alert tls any any -> any any (tls.cert_fingerprint; datarep:tls_rep, >, 200, load tls_rep.rep, type string; sid:4;)
alert tls any any -> any any (tls.cert_fingerprint; datarep:tls_md5_rep, >, 200, load tls_md5_rep.rep, type md5; sid:5;)
</pre></p>
<p><a class="external" href="https://github.com/OISF/suricata/pull/4166">https://github.com/OISF/suricata/pull/4166</a></p>
<p><a class="external" href="https://suricata.readthedocs.io/en/latest/rules/datasets.html">https://suricata.readthedocs.io/en/latest/rules/datasets.html</a></p>