]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6e23ae2)
doc: add documentation for ja3_string keyword
authorMats Klepsland <mats.klepsland@gmail.com>
Sun, 10 Dec 2017 15:47:07 +0000 (16:47 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 20 Mar 2018 15:27:22 +0000 (16:27 +0100)
doc/userguide/rules/ja3-keywords.rst patch | blob | blame | history

diff --git a/doc/userguide/rules/ja3-keywords.rst b/doc/userguide/rules/ja3-keywords.rst
index 35676a9263640484bedc357a49a42b86226db0fc..d210bf64bc9ae4da188aca5865cfa9c018ad419c 100644 (file)
--- a/doc/userguide/rules/ja3-keywords.rst
+++ b/doc/userguide/rules/ja3-keywords.rst
@@ -19,3 +19,18 @@ Example::
 ``ja3_hash`` is a 'Sticky buffer'.
 
 ``ja3_hash`` can be used as ``fast_pattern``.
+
+ja3_string
+----------
+
+Match on JA3 string.
+
+Example::
+
+  alert tls any any -> any any (msg:"match JA3 string"; \
+      ja3_string; content:"19-20-21-22"; \
+      sid:100002;)
+
+``ja3_string`` is a 'Sticky buffer'.
+
+``ja3_string`` can be used as ``fast_pattern``.
Mirror of https://github.com/OISF/suricata.git