[Oisf-devel] Oisf-devel Digest, Vol 35, Issue 18

Prabhakaran Kasinathan prabhakaran1989 at gmail.com
Fri Mar 8 11:36:27 UTC 2013


Dear Victor,

I would like to start this thread again, since I am looking for anomaly
detection in Suricata.
I read in your blogs and previous Suricata updates that your team
was also working on anomaly detection in Suricata.

In particular, my needs are some basic functions like profile
generation on a particular interface and triggering events in case of
deviation from the normal reference profile.

I found this preprocessor in Snort, i.e. an Anomaly Detector (
http://anomalydetection.info/). It looks interesting.

Is there some way to integrate this existing plugin into Suricata?


--
Best Regards,
Prabhakaran Kasinathan
+39 3279720502


On Sat, Nov 24, 2012 at 6:00 PM, <
oisf-devel-request at openinfosecfoundation.org> wrote:

> Today's Topics:
>
>    1. Suricata Preprocessor (ayoub sabbar)
>    2. Re: Suricata Preprocessor (Victor Julien)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 23 Nov 2012 17:08:11 +0000
> From: ayoub sabbar <sabbarayoub at hotmail.fr>
> To: <oisf-devel at openinfosecfoundation.org>
> Subject: [Oisf-devel] Suricata Preprocessor
> Message-ID: <COL123-W4344834E4B358BEC8F0FB0DB5A0 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
>  Hello,
>
>   I'm working on a project which is the integration of a preprocessor in
> Suricata. So I want to know if it is possible to do that,
>   and if it is possible I want some help from you because I didn't find
> a lot of information using the internet.
>
> Best Regards
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 23 Nov 2012 18:20:15 +0100
> From: Victor Julien <victor at inliniac.net>
> To: oisf-devel at openinfosecfoundation.org
> Subject: Re: [Oisf-devel] Suricata Preprocessor
> Message-ID: <50AFB04F.1070201 at inliniac.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 11/23/2012 06:08 PM, ayoub sabbar wrote:
> >  Hello,
> >
> >   I'm working on a project which is the integration of a preprocessor in
> > Suricata. So I want to know if it is possible to do that,
> >   and if it is possible I want some help from you because I didn't find
> > a lot of information using the internet.
>
> I assume you're referring to a Snort preprocessor you want to port to
> Suricata?
>
> There are quite a few places to hook into Suricata. The right place
> depends on what the purpose of your module is. What are you trying to
> achieve?
>
> Cheers,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
>
> ------------------------------
>