Project

General

Profile

Actions
Copy link

Optimization #7304

open

Better support multi-protocol keywords

Added by Philippe Antoine 19 days ago.

Status:
New
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Have a rule like
alert ip any any -> any any (sid: 1; file.data; content: "toto"; ja3.hash; content: "abcdef0123456789abcdef0123456789";)
failing to load

Currently, multi protocol keywords are :
- DCERPC/SMB stuff
- JA3/JA4 for quic/tls
- file keywords
- HTTP/1 HTTP/2 somehow
DoH2 does not have this...

No data to display

Actions
Copy link

Also available in: Atom PDF