git.ipfire.org Git - thirdparty/suricata.git/commitdiff
userguide: add documentation for tls.certs keyword 3859/head
author: Mats Klepsland <mats.klepsland@gmail.com>
Tue, 13 Nov 2018 23:38:56 +0000 (00:38 +0100)
committer: Mats Klepsland <mats.klepsland@gmail.com>
Thu, 16 May 2019 09:56:18 +0000 (11:56 +0200)
doc/userguide/rules/tls-keywords.rst

index 949379ec2cf46789440b1e95c955ff53e5b7c7b3..fa31fbe2d431b471232c58b032950e0480a14896 100644 (file)
@@ -136,6 +136,20 @@ Usage::
 
   tls_cert_valid;
 
+tls.certs
+---------
+
+Do a "raw" match on each of the certificates in the TLS certificate chain.
+
+Example::
+
+  alert tls any any -> any any (msg:"match bytes in TLS cert"; tls.certs; \
+    content:"|06 09 2a 86|"; sid:200070;)
+
+``tls.certs`` is a 'sticky buffer'.
+
+``tls.certs`` can be used as ``fast_pattern``.
+
 tls.version
 -----------
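Review bot: the description line under the new tls.certs heading, 'Do a "raw" match on each of the certificates in the TLS certificate chain.', leaves "raw" undefined, so a rule writer cannot tell which bytes the buffer holds. Please state which encoding of the certificate is inspected. Please also state whether several content matches following tls.certs must all hit within the same certificate of the chain or may be satisfied by different certificates. The example pattern |06 09 2a 86| is unexplained as well. Those bytes read as the start of an ASN.1 OBJECT IDENTIFIER (tag 06, length 09), so one sentence saying what the rule is meant to detect would help. A pattern that short and generic is also a weak illustration next to the fast_pattern remark. Minor style point: "raw" is in double quotes while 'sticky buffer' is in single quotes; pick one.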