{
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].name = "tls.cert_fingerprint";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].alias = "tls_cert_fingerprint";
- sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].desc = "match on the TLS cert fingerprint buffer";
+ sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].desc =
+ "sticky byffer to match the TLS cert fingerprint buffer";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].url = "/rules/tls-keywords.html#tls-cert-fingerprint";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].Setup = DetectTlsFingerprintSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].name = "tls.cert_issuer";
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].alias = "tls_cert_issuer";
- sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].desc = "content modifier to match specifically and only on the TLS cert issuer buffer";
+ sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].desc =
+ "sticky buffer to match specifically and only on the TLS cert issuer buffer";
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].url = "/rules/tls-keywords.html#tls-cert-issuer";
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Setup = DetectTlsIssuerSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].name = "tls.cert_serial";
sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].alias = "tls_cert_serial";
- sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].desc = "content modifier to match the TLS cert serial buffer";
+ sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].desc =
+ "sticky buffer to match the TLS cert serial buffer";
sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].url = "/rules/tls-keywords.html#tls-cert-serial";
sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].Setup = DetectTlsSerialSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].name = "tls.cert_subject";
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].alias = "tls_cert_subject";
- sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].desc = "content modifier to match specifically and only on the TLS cert subject buffer";
+ sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].desc =
+ "sticky buffer to match specifically and only on the TLS cert subject buffer";
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].url = "/rules/tls-keywords.html#tls-cert-subject";
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Setup = DetectTlsSubjectSetup;
#ifdef UNITTESTS
void DetectTlsCertsRegister(void)
{
sigmatch_table[DETECT_AL_TLS_CERTS].name = "tls.certs";
- sigmatch_table[DETECT_AL_TLS_CERTS].desc = "content modifier to match the TLS certificate sticky buffer";
+ sigmatch_table[DETECT_AL_TLS_CERTS].desc = "sticky buffer to match the TLS certificate buffer";
sigmatch_table[DETECT_AL_TLS_CERTS].url = "/rules/tls-keywords.html#tls-certs";
sigmatch_table[DETECT_AL_TLS_CERTS].Setup = DetectTlsCertsSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_JA3_HASH].name = "ja3.hash";
sigmatch_table[DETECT_AL_TLS_JA3_HASH].alias = "ja3_hash";
- sigmatch_table[DETECT_AL_TLS_JA3_HASH].desc = "content modifier to match the JA3 hash buffer";
+ sigmatch_table[DETECT_AL_TLS_JA3_HASH].desc = "sticky buffer to match the JA3 hash buffer";
sigmatch_table[DETECT_AL_TLS_JA3_HASH].url = "/rules/ja3-keywords.html#ja3-hash";
sigmatch_table[DETECT_AL_TLS_JA3_HASH].Setup = DetectTlsJa3HashSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_JA3_STRING].name = "ja3.string";
sigmatch_table[DETECT_AL_TLS_JA3_STRING].alias = "ja3_string";
- sigmatch_table[DETECT_AL_TLS_JA3_STRING].desc = "content modifier to match the JA3 string buffer";
+ sigmatch_table[DETECT_AL_TLS_JA3_STRING].desc = "sticky buffer to match the JA3 string buffer";
sigmatch_table[DETECT_AL_TLS_JA3_STRING].url = "/rules/ja3-keywords.html#ja3-string";
sigmatch_table[DETECT_AL_TLS_JA3_STRING].Setup = DetectTlsJa3StringSetup;
#ifdef UNITTESTS
void DetectTlsJa3SHashRegister(void)
{
sigmatch_table[DETECT_AL_TLS_JA3S_HASH].name = "ja3s.hash";
- sigmatch_table[DETECT_AL_TLS_JA3S_HASH].desc = "content modifier to match the JA3S hash sticky buffer";
+ sigmatch_table[DETECT_AL_TLS_JA3S_HASH].desc = "sticky buffer to match the JA3S hash buffer";
sigmatch_table[DETECT_AL_TLS_JA3S_HASH].url = "/rules/ja3-keywords.html#ja3s-hash";
sigmatch_table[DETECT_AL_TLS_JA3S_HASH].Setup = DetectTlsJa3SHashSetup;
#ifdef UNITTESTS
void DetectTlsJa3SStringRegister(void)
{
sigmatch_table[DETECT_AL_TLS_JA3S_STRING].name = "ja3s.string";
- sigmatch_table[DETECT_AL_TLS_JA3S_STRING].desc = "content modifier to match the JA3S string sticky buffer";
+ sigmatch_table[DETECT_AL_TLS_JA3S_STRING].desc =
+ "sticky buffer to match the JA3S string buffer";
sigmatch_table[DETECT_AL_TLS_JA3S_STRING].url = "/rules/ja3-keywords.html#ja3s-string";
sigmatch_table[DETECT_AL_TLS_JA3S_STRING].Setup = DetectTlsJa3SStringSetup;
#ifdef UNITTESTS
{
sigmatch_table[DETECT_AL_TLS_SNI].name = "tls.sni";
sigmatch_table[DETECT_AL_TLS_SNI].alias = "tls_sni";
- sigmatch_table[DETECT_AL_TLS_SNI].desc = "content modifier to match specifically and only on the TLS SNI buffer";
+ sigmatch_table[DETECT_AL_TLS_SNI].desc =
+ "sticky buffer to match specifically and only on the TLS SNI buffer";
sigmatch_table[DETECT_AL_TLS_SNI].url = "/rules/tls-keywords.html#tls-sni";
sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup;
#ifdef UNITTESTS
projects / thirdparty / suricata.git / commitdiff
