#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-ssh.h"
#include "detect-ssh-software-version.h"
#include "rust.h"
#include "stream-tcp.h"
#include "detect-engine-alert.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-util.h"

Include dependency graph for detect-ssh-software-version.c:

Macros
#define	PARSE_REGEX "^\\s\"?\\s?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s\"?\\s$"
	Regex for parsing the softwareversion string. More...

Functions
void	DetectSshSoftwareVersionRegister (void)
	Registration function for keyword: ssh.softwareversion. More...

Detailed Description

Author: Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Implements the ssh.softwareversion keyword You can match over the software version string of ssh, and it will be compared from the beginning of the string so you can say for example ssh.softwareversion:"PuTTY" and it can match, or you can also specify the version, something like ssh.softwareversion:"PuTTY-Release-0.55" I find this useful to match over a known vulnerable server/client software version in combination to other checks, so you can know that the risk is higher

Definition in file detect-ssh-software-version.c.