As I understood, Suricata will not do any TLS inspection (except Ja3 hash). To do this TLS traffic needs to be decrypted first before sending it to Suricata. So I used PolarProxy for TLS decryption and then Suricata was able to perform detection on it.
1 Like