[Oisf-devel] Diff Preprocessor / Detection Plugins

Prabhakaran Kasinathan prabhakaran1989 at gmail.com
Fri Mar 29 09:55:06 UTC 2013


Hi everyone,

I would like to know the difference between a pre-processor and the
detection plugins.

Correct me if I am wrong:
  -- Pre-processor: Preprocessor code is run before the detection engine
is called, but after the packet has been decoded. The packet can be modified
or analyzed in an out-of-band manner using this mechanism [Snort].

      __ Does Suricata have any pre-processors out of the box? Fast-IP
matching is mentioned as one: in which module is it implemented? Any
examples?

  -- Detection plugins: These plugins add additional functionality to
detection. But are these called after the detection engine?


I am a bit confused about the efficiency / extra features which the
pre-processors have.

------------
I think the webpage <https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Developers_Guide> needs
clearer documentation for beginners.

--
Best Regards,
Prabhakaran Kasinathan
+39 3279720502
