AWS network-firewall documentation change
Summary
Added limitation that TLS rule matches in session holding configurations won't include SNI in alert logs
Security assessment
Documents a logging limitation in security-related TLS rule matches but does not indicate an active vulnerability
Diff
diff --git a/network-firewall/latest/developerguide/suricata-limitations-caveats.md b/network-firewall/latest/developerguide/suricata-limitations-caveats.md index f9b51a6b7..7bb2f40b2 100644 --- a//network-firewall/latest/developerguide/suricata-limitations-caveats.md +++ b//network-firewall/latest/developerguide/suricata-limitations-caveats.md @@ -61,0 +62,2 @@ For example, say you set the rule group's `HOME_NET` to `10.0.0.0`, and the fire + * When matching TLS based rules in a session holding configuration, alert logs will not contain the SNI that was accessed upon rule match. +