git.ipfire.org Git - thirdparty/suricata.git/commitdiff
userguide: update tls keywords information
author Haleema Khan <hsadia538@gmail.com>
Tue, 24 Jan 2023 21:50:14 +0000 (02:50 +0500)
committer Victor Julien <vjulien@oisf.net>
Fri, 10 Feb 2023 17:04:20 +0000 (18:04 +0100)
Ticket #5544

doc/userguide/rules/tls-keywords.rst

index 2993b7b054a0c5d2197cf043de2762fa74e37619..5f6dab8b31c7e28da5484e78af9e8564b99391ef 100644 (file)
@@ -17,9 +17,21 @@ Examples::
 
 ``tls.cert_subject`` can be used as ``fast_pattern``.
 
-``tls.cert_subject`` replaces the previous keyword name: ``tls_cert_subject``. You may continue
-to use the previous name, but it's recommended that rules be converted to use
-the new name.
+tls.subject
+~~~~~~~~~~~
+
+Legacy keyword to match TLS/SSL certificate Subject field.
+
+example:
+
+::
+
+  tls.subject:"CN=*.googleusercontent.com"
+
+Case sensitive, can't use 'nocase', or other modifiers.
+
+**Note:** ``tls.cert_subject`` replaces the following legacy keywords: ``tls_cert_subject`` and ``tls.subject``. 
+It's recommended that rules be converted to use the new one.
 
 tls.cert_issuer
 ---------------
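Review bot: The new **Note:** at the end of the tls.subject subsection drops the statement from the removed paragraph that the previous names may still be used, so a reader can no longer tell whether ``tls_cert_subject`` and ``tls.subject`` are still accepted in rules. If that is still true, keep a sentence such as "You may continue to use the legacy names" next to the recommendation to convert. The **Note:** line also ends in a trailing space after ``tls.subject``., and the lowercase "example:" followed by a separate "::" could be folded into "Example::" to match the "Examples::" form used just above in this file.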
@@ -35,9 +47,21 @@ Examples::
 
 ``tls.cert_issuer`` can be used as ``fast_pattern``.
 
-``tls.cert_issuer`` replaces the previous keyword name: ``tls_cert_issuer``. You may continue
-to use the previous name, but it's recommended that rules be converted to use
-the new name.
+tls.issuerdn
+~~~~~~~~~~~~
+
+Legacy keyword to match TLS/SSL certificate IssuerDN field
+
+example:
+
+::
+
+  tls.issuerdn:!"CN=Google-Internet-Authority"
+
+Case sensitive, can't use 'nocase', or other modifiers.
+
+**Note:** ``tls.cert_issuer`` replaces the following legacy keywords: ``tls_cert_issuer`` and ``tls.issuerdn``. 
+It's recommended that rules be converted to use the new one.
 
 tls.cert_serial
 ---------------
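Review bot: The description line "Legacy keyword to match TLS/SSL certificate IssuerDN field" is missing its closing period, unlike the matching line added for tls.subject. The example uses a negated match, !"CN=Google-Internet-Authority", with no text saying what the leading ! does; one sentence on negation would help, since this is the only example in the subsection. The **Note:** line ending in ``tls.issuerdn``. has a trailing space as well.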
@@ -186,38 +210,6 @@ Example::
   alert tls any any -> any any (msg:"match SSLv2 and SSLv3"; \
     ssl_version:sslv2,sslv3; sid:200031;)
 
-tls.subject
------------
-
-Match TLS/SSL certificate Subject field.
-
-example:
-
-
-::
-
-  tls.subject:"CN=*.googleusercontent.com"
-
-Case sensitive, can't use 'nocase'.
-
-Legacy keyword. ``tls.cert_subject`` is the replacement.
-
-tls.issuerdn
-------------
-
-match TLS/SSL certificate IssuerDN field
-
-example:
-
-
-::
-
-  tls.issuerdn:!"CN=Google-Internet-Authority"
-
-Case sensitive, can't use 'nocase'.
-
-Legacy keyword. ``tls.cert_issuer`` is the replacement.
-
 tls.fingerprint
 ---------------
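Review bot: These two sections are not relocated verbatim: the removed text says "Case sensitive, can't use 'nocase'." while the re-added text in the earlier hunks says "can't use 'nocase', or other modifiers", which is a broader claim about keyword behaviour and should be confirmed and mentioned in the commit message rather than arriving as part of a move. The headings also change from sections underlined with ----- here to subsections underlined with ~~~~~, so any links or table-of-contents entries that point at the old tls.subject and tls.issuerdn sections should be checked.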