detect: add (mpm) hassh keywords
Match on Hassh using ssh.hassh, ssh.hassh.server, ssh.hassh.string, ssh.hassh.server.string keywords, e.g:
alert ssh any any -> any any (msg:"match SSH hash"; ssh.hassh; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:
1000010;)
alert ssh any any -> any any (msg:"match SSH hash-server"; ssh.hassh.server; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:
1000020;)
alert ssh any any -> any any (msg:"match SSH hash-string"; ssh.hassh.string; content:"none,zlib@openssh.com,zlib"; sid:
1000030;)
alert ssh any any -> any any (msg:"match SSH hash-server-string"; ssh.hassh.server.string; content:"umac-64-etm@openssh.com,umac-128-etm@openssh.com,"; sid:
1000040;)
projects / thirdparty / suricata.git / commit
