Philippe Antoine
e65643909a
doc: move more examples to container:: example-rule
...
Ticket: 8372
And fix another bad rule
3 months ago
Mingyu Jeon
c98112eb67
doc: update tls_cert_notafter/before
...
refs #3065
* add explanation on omitted values
5 months ago
Philippe Antoine
c93e69830a
detect/ssl: properly handle negation in ssl_version keyword
...
Ticket: 3220
DetectSslVersionMatch did not handle properly negation.
It could never match on a signatrue with ssl_version: !tls1.3
That is because, if we had such a signature and network traffic
with tls1.1, we were looking into DetectSslVersionData field
for tls1.1, which was not set, instead of looking at field
for tls1.3 which was set with negated flag.
Previous DetectSslVersionData was holding redundant information.
It did not need to have it for each ssl version, but just globally.
Also, it did not need to hold the version as a value in the array,
as it was redundant with the index of the array.
7 months ago
Victor Julien
a1c4167d94
doc/userguide: add initial protocols overview
...
Explain per protocol mechanics for rule matching.
10 months ago
Victor Julien
8c9dfafc6d
doc/tls: add more detail on tls.random
1 year ago
Victor Julien
3d059611c3
detect: add tls.alpn keyword
...
Ticket: #7108 .
2 years ago
Shivani Bhardwaj
719fda3967
doc: add description about tls.subjectaltname
...
Feature 5234
2 years ago
Philippe Antoine
b8bc2c7e0f
doc: integer keywords
...
Ticket: 6628
Document the generic detection capabilities for integer keywords.
and make every integer keyword pointing to this section.
2 years ago
jason taylor
535938d7f6
doc: add tls.cert_chain_len docs
...
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
jason taylor
c95fce39f0
doc: add multi buffer support note to keyword docs
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Philippe Antoine
9bd2b72e2b
doc: explain where tls.store stores certificates
...
By adding a reference/link to the doc about the suricata.yaml
config section pecifying the directory where the certificates
are stored
3 years ago
Haleema Khan
609df1776e
userguide: update tls keywords information
...
Ticket #5544
3 years ago
Lukas Sismis
37cf365e19
docs: remove outdated constraint of negation support for ssl_state
...
Commit 487cdda93d adds negation support for the SSL state.
4 years ago
Shivani Bhardwaj
a77977ec62
doc: add description for tls.random
4 years ago
myr463
755124763d
doc: escape dot in pcre
5 years ago
Mats Klepsland
7020cffaa8
userguide: 'sticky' instead of 'Sticky' for all tls keywords
7 years ago
Mats Klepsland
03d986dd55
userguide: add documentation for tls.certs keyword
7 years ago
Jeff Lucovsky
97fc7c1e1a
documentation: sticky buffer updates
...
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
7 years ago
Pascal Delalande
f2dca46382
doc: fix minor typo
8 years ago
Mats Klepsland
be8c06adfd
userguide: add documentation for ssl_version keyword
8 years ago
Mats Klepsland
10fcc8d2ca
doc: update tls.version documentation
8 years ago
Mats Klepsland
9556d4fef3
doc: add documentation for tls_cert_fingerprint keyword
9 years ago
Mats Klepsland
ee9f822b8e
doc: add documentation for tls_cert_serial keyword
10 years ago
David Wharton
1bf7ded224
doc: specify buffers that can be used for fast_pattern
...
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
10 years ago
David Wharton
b1ad770b36
doc: removed references to older Suricata versions
...
docs are versioned; references to older Suricata versions undesired.
10 years ago
Eric Leblond
c357dafed9
doc: document the tls_sni keyword
10 years ago
Victor Julien
e3b2d95100
doc: add recent tls keywords
10 years ago
Jason Ish
2751baae46
doc: rename from "sphinx" to "userguide"
10 years ago