suricata/rules/websocket-events.rules

# WebSocket app-layer event rules.
#
# These SIDs fall in the 2235000+ range. See:
#    http://doc.emergingthreats.net/bin/view/Main/SidAllocation and
#    https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer

alert websocket any any -> any any (msg:"SURICATA Websocket skipped end of payload"; app-layer-event:websocket.skip_end_of_payload; classtype:protocol-command-decode; sid:2235000; rev:1;)
alert websocket any any -> any any (msg:"SURICATA Websocket reassembly limit reached"; app-layer-event:websocket.reassembly_limit_reached; classtype:protocol-command-decode; sid:2235001; rev:1;)
app-layer: websockets protocol support Ticket: 2695 10 months ago			`# WebSocket app-layer event rules.`
			`#`
			`# These SIDs fall in the 2235000+ range. See:`
			`# http://doc.emergingthreats.net/bin/view/Main/SidAllocation and`
			`# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer`

			`alert websocket any any -> any any (msg:"SURICATA Websocket skipped end of payload"; app-layer-event:websocket.skip_end_of_payload; classtype:protocol-command-decode; sid:2235000; rev:1;)`
			`alert websocket any any -> any any (msg:"SURICATA Websocket reassembly limit reached"; app-layer-event:websocket.reassembly_limit_reached; classtype:protocol-command-decode; sid:2235001; rev:1;)`