Query on WebSocket Protocol Decoding Support in Suricata 7

Hello Suricata Community,

I am currently exploring the capabilities of Suricata 7 and am particularly interested in understanding its support for decoding WebSocket protocols. Recently, I have come across several tunneling attacks conducted using WebSockets, and I am keen on analyzing the WebSocket protocol messages involved in these incidents.

Could you please provide information on whether Suricata 7 supports WebSocket protocol decoding? If so, how can one configure Suricata to parse and analyze WebSocket traffic effectively? Any guidance or insights into handling WebSocket-based attacks would be greatly appreciated.

Thank you for your assistance.

Hi there,

Currently, Suricata doesn't support decoding of the WebSocket protocol. This has been recently discussed during our brainstorming sessions with the community, and we're tracking the need for this feature, but we're currently mostly gathering requirements and data: Feature #2695: websocket support - Suricata - Open Information Security Foundation
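For readers wondering what "decoding WebSocket protocol messages" involves in practice (and why an IDS needs a dedicated parser rather than plain HTTP inspection), the following is an added example, not Suricata code and not part of the thread above: a minimal RFC 6455 frame decoder in Python. Client-to-server frames are XOR-masked with a per-frame key, so tunneled payloads are invisible to byte-pattern matching until a decoder unmasks them. The sample bytes are constructed inline (the masked "Hello" frame is the one given in RFC 6455 section 5.7); the function and class names are this example's own.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Opcode names from RFC 6455 section 5.2 (hypothetical helper table for readable output).
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}


@dataclass
class Frame:
    fin: bool
    opcode: int
    masked: bool
    payload: bytes      # unmasked payload, ready for content inspection
    consumed: int       # bytes of input this frame occupied


def decode_frame(buf: bytes) -> Optional[Frame]:
    """Decode one WebSocket frame from the start of buf.

    Returns None if buf does not yet hold a complete frame (caller should
    buffer more data); raises ValueError on protocol violations.
    """
    if len(buf) < 2:
        return None
    b0, b1 = buf[0], buf[1]
    fin = bool(b0 & 0x80)
    if (b0 >> 4) & 0x7:
        raise ValueError("RSV bits set without a negotiated extension")
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    pos = 2
    # Extended payload length: 126 -> 16-bit, 127 -> 64-bit, network byte order.
    if length == 126:
        if len(buf) < pos + 2:
            return None
        length = struct.unpack_from("!H", buf, pos)[0]
        pos += 2
    elif length == 127:
        if len(buf) < pos + 8:
            return None
        length = struct.unpack_from("!Q", buf, pos)[0]
        pos += 8
        if length >> 63:
            raise ValueError("64-bit length must have MSB clear")
    # Control frames (opcode >= 8) must not be fragmented or exceed 125 bytes.
    if opcode >= 0x8 and (not fin or length > 125):
        raise ValueError("malformed control frame")
    key = b""
    if masked:
        if len(buf) < pos + 4:
            return None
        key = buf[pos:pos + 4]
        pos += 4
    if len(buf) < pos + length:
        return None
    payload = buf[pos:pos + length]
    if masked:
        # Client-to-server frames are XOR-masked; unmask before inspection.
        payload = bytes(c ^ key[i % 4] for i, c in enumerate(payload))
    return Frame(fin, opcode, masked, payload, pos + length)


def decode_stream(buf: bytes) -> List[Frame]:
    """Split a byte stream into consecutive frames, stopping at a partial tail."""
    frames = []
    while buf:
        frame = decode_frame(buf)
        if frame is None:
            break
        frames.append(frame)
        buf = buf[frame.consumed:]
    return frames


# Constructed sample traffic: a masked client text frame "Hello" (RFC 6455 section 5.7)
# followed by an unmasked server text frame "Hello".
CLIENT_HELLO = bytes.fromhex("81 85 37 fa 21 3d 7f 9f 4d 51 58")
SERVER_HELLO = bytes.fromhex("81 05") + b"Hello"


def opcode_name(opcode: int) -> str:
    return OPCODES.get(opcode, "reserved-%x" % opcode)


if __name__ == "__main__":
    for f in decode_stream(CLIENT_HELLO + SERVER_HELLO):
        print(opcode_name(f.opcode), "masked" if f.masked else "unmasked", f.payload)
```

Note how the masked client frame carries no literal "Hello" on the wire: a signature engine without a WebSocket decoder would never match it, which is the gap a native decoder in Suricata would close.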