Suricata dataset keywords

suricatalfon · October 8, 2021, 11:20am

Hí,

We are used to seeing examples of dataset rule configuration with the keywords http.host, dns.query …
What other keywords can we use?

Can we use for example sip.uri or ssh.software?

Greetings,

pevma · October 8, 2021, 1:59pm

Yes, it can be used on any sticky buffer

suricatalfon · October 13, 2021, 4:52am

Hi,

Thank you so much.

Topic		Replies	Views
Help with datasets and DNS Rules	7	1364	March 11, 2024
Dns.query and dataset Rules	11	4340	November 29, 2020
How to create a dataset using http.host and http.uri Help rules	8	1404	March 10, 2023
Configuring Suricata Datasets for enabling IDS Rules ips , community , rules , suricata	73	1144	July 31, 2023
Dataset match in rule message? Rules	3	665	May 4, 2021