[Oisf-devel] Oisf-devel Digest, Vol 39, Issue 9

Prabhakaran Kasinathan prabhakaran1989 at gmail.com
Fri Mar 15 14:47:22 UTC 2013


> Message: 4
> Date: Wed, 13 Mar 2013 16:41:11 +0100
> From: Victor Julien <victor at inliniac.net>
> To: oisf-devel at openinfosecfoundation.org
> Subject: Re: [Oisf-devel] Oisf-devel Digest, Vol 35, Issue 18
> Message-ID: <51409E17.4040906 at inliniac.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 03/08/2013 12:36 PM, Prabhakaran Kasinathan wrote:
> > I would like to start this thread again, since I am looking for anomaly
> > detection in Suricata.
> > I read from your blogs and previous updates from Suricata that your
> > team were also working on anomaly detection in Suricata.
>
> Not sure what you're referring to here.
>

http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/146-suricata-brainstorming-session-feb-7-2012


In this it was mentioned (Anomaly Detection Potential)

>
> > In particular my needs are, with some basic functions like, profile
> > generation on a particular interface and trigger events in case of
> > deviation from normal reference profile.
> >
> > I found this preprocessor in Snort, i.e. an Anomaly Detector
> > (http://anomalydetection.info/). It looks interesting.
> >
> > Is there some way to integrate this existing plugin into Suricata?
>
> There probably is, but our APIs are not compatible with Snort, so it will
> require quite a bit of dev work.
>
> --
>

Where should I start looking to integrate or to develop a similar kind of
anomaly detection plugin? Does Suricata have such a plugin capability?



> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------