Running the latest master branch with ETPRO ruleset and seeing the following in the suricata.log:
24977] 25/3/2020 – 23:21:49 - (app-layer-ssl.c:2642) (SSLStateGetEventInfo) – [ERRCODE: SC_ERR_INVALID_ENUM_MAP(15)] - event “certificate_missing_element” not present in ssl’s enum map table.
[24977] 25/3/2020 – 23:21:49 - (detect-app-layer-event.c:207) (DetectAppLayerEventParseAppP2) – [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword’s protocol “tls” doesn’t have event “certificate_missing_element” registered
[24977] 25/3/2020 – 23:21:49 - (app-layer-ssl.c:2642) (SSLStateGetEventInfo) – [ERRCODE: SC_ERR_INVALID_ENUM_MAP(15)] - event “certificate_unknown_element” not present in ssl’s enum map table.
[24977] 25/3/2020 – 23:21:49 - (detect-app-layer-event.c:207) (DetectAppLayerEventParseAppP2) – [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword’s protocol “tls” doesn’t have event “certificate_unknown_element” registered
[24977] 25/3/2020 – 23:21:49 - (app-layer-ssl.c:2642) (SSLStateGetEventInfo) – [ERRCODE: SC_ERR_INVALID_ENUM_MAP(15)] - event “certificate_invalid_string” not present in ssl’s enum map table.
[24977] 25/3/2020 – 23:21:49 - (detect-app-layer-event.c:207) (DetectAppLayerEventParseAppP2) – [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword’s protocol “tls” doesn’t have event “certificate_invalid_string” registered
I rebuilt against a clean clone to make sure I didn’t have anything old laying around as well. I am not sure how to further troubleshoot this one. Thanks in advance!
JT