Does anyone check HTTPS connections via Suricata? Please describe your experience here and how you check HTTPS connections. Thank you.
What would you like to know? Even if it’s encrypted you can still use the metadata, TLS information, etc.
I usually check the URL, HTTP host, user agent, number of connections over the threshold. Sometimes I also check the content of the request body.
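An added example, not posted by anyone in the thread: one way to use the TLS metadata mentioned above without decrypting traffic is to read the `tls` events Suricata writes to its EVE JSON log and flag connection counts over a threshold, handshakes without SNI, and legacy protocol versions. The sample events, the threshold value and the function names are constructed for illustration, and the legacy version strings are an assumption about how your Suricata build logs them.

```python
import json
from collections import Counter

# Assumed version strings as they appear in tls.version; adjust to your logs.
LEGACY_VERSIONS = {"SSLv3", "TLSv1", "TLS 1.1"}

def _ev(src, sni, version="TLS 1.3"):
    """Build one constructed EVE 'tls' event line (not real traffic)."""
    tls = {"version": version}
    if sni:
        tls["sni"] = sni
    return json.dumps({"event_type": "tls", "src_ip": src,
                       "dest_ip": "203.0.113.10", "dest_port": 443, "tls": tls})

# Constructed sample log: includes a non-TLS event and a corrupt line.
SAMPLE_EVE = (
    [_ev("10.0.0.5", "updates.example.com")] * 2
    + [_ev("10.0.0.7", "beacon.example.net")] * 6
    + [_ev("10.0.0.9", None)]
    + [_ev("10.0.0.5", "old.example.org", "TLSv1")]
    + ['{"event_type":"dns","src_ip":"10.0.0.5"}', "not json"]
)

def analyze(lines, threshold=5):
    """Summarise TLS handshake metadata from EVE JSON lines."""
    counts, no_sni, legacy = Counter(), [], []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt log lines
        if not isinstance(ev, dict) or ev.get("event_type") != "tls":
            continue
        tls = ev.get("tls", {})
        src, sni = ev.get("src_ip"), tls.get("sni")
        if sni:
            counts[(src, sni.lower())] += 1  # handshakes per client and host
        else:
            no_sni.append((src, ev.get("dest_ip")))  # client sent no SNI
        if tls.get("version") in LEGACY_VERSIONS:
            legacy.append((src, sni, tls["version"]))
    noisy = {k: n for k, n in counts.items() if n > threshold}
    return {"over_threshold": noisy, "no_sni": no_sni, "legacy": legacy}

if __name__ == "__main__":
    for name, value in analyze(SAMPLE_EVE).items():
        print(name, value)
```

Checks on the URL, HTTP host, user agent or request body of HTTPS traffic need the decrypted stream, so they are outside what this log-only example covers.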