]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: add description about tls.subjectaltname
authorShivani Bhardwaj <shivani@oisf.net>
Mon, 1 Apr 2024 11:40:51 +0000 (17:10 +0530)
committerVictor Julien <victor@inliniac.net>
Wed, 22 May 2024 04:45:07 +0000 (06:45 +0200)
Feature 5234

doc/userguide/rules/multi-buffer-matching.rst
doc/userguide/rules/tls-keywords.rst

index f599659394d92a4c8c9c5200155a00a44577a4eb..c7ed0ea3d67f19bde797368f58a94288b3bcbe01 100644 (file)
@@ -90,3 +90,4 @@ following keywords:
 * ``quic.cyu.string``
 * ``tls.certs``
 * ``tls.cert_subject``
+* ``tls.subjectaltname``
index a6d1bd6dbec81ad3b5eedd0f4adc0e9bbfee4e4b..dbca6a3d5eab7041c9f794c23514271a4f0ffc31 100644 (file)
@@ -121,6 +121,21 @@ Examples::
 to use the previous name, but it's recommended that rules be converted to use
 the new name.
 
+tls.subjectaltname
+------------------
+
+Match TLS/SSL Subject Alternative Name field.
+
+Examples::
+
+  tls.subjectaltname; content:"|73 75 72 69 63 61 74 61 2e 69 6f|";
+
+``tls.subjectaltname`` is a 'sticky buffer'.
+
+``tls.subjectaltname`` can be used as ``fast_pattern``.
+
+``tls.subjectaltname`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 tls_cert_notbefore
 ------------------