From: Anoop Saldanha
Date: Tue, 24 Sep 2013 06:01:37 +0000 (+0530)
Subject: Add decoder event rule for tls event "invalid_ssl_record", which will now be availabl...
X-Git-Tag: suricata-2.0beta2~337
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cd7f0273a21880cff8ff927abb327a30270015ba;p=thirdparty%2Fsuricata.git
Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record".
---
diff --git a/rules/tls-events.rules b/rules/tls-events.rules
index 273edadfcf..560d55bd34 100644
--- a/rules/tls-events.rules
+++ b/rules/tls-events.rules
@@ -16,6 +16,7 @@ alert tls any any -> any any (msg:"SURICATA TLS certificate unknown element"; fl
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid length"; flow:established; app-layer-event:tls.certificate_invalid_length; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230007; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid string"; flow:established; app-layer-event:tls.certificate_invalid_string; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230008; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS error message encountered"; flow:established; app-layer-event:tls.error_message_encountered; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230009; rev:1;)
+alert tls any any -> any any (msg:"SURICATA TLS invalid record/traffic"; flow:established; app-layer-event:tls.invalid_ssl_record; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230010; rev:1;)
-#next sid is 2230010
+#next sid is 2230011
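Review bot: The msg of the added rule, "SURICATA TLS invalid record/traffic", does not name the decoder event that fired, whereas the neighbouring rules use a msg that mirrors their event name (certificate invalid length, error message encountered). An analyst triaging sid 2230010 cannot tell from the alert text alone that it maps to `tls.invalid_ssl_record`, and the word "traffic" suggests the event may also fire for non-TLS data on a flow classified as TLS, which the rule file does not explain. I would add a comment above the rule, for example `# tls.invalid_ssl_record: the TLS parser could not decode a record; may be non-TLS data on the flow (confirm against the decoder)`. Like its siblings the rule carries no threshold, so a flow that keeps producing undecodable records may alert repeatedly; it is worth confirming that this is the intended volume for an anomaly rule.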