[Oisf-devel] Oisf-devel Digest, Vol 39, Issue 9
Victor Julien
victor at inliniac.net
Fri Mar 15 16:10:52 UTC 2013
On 03/15/2013 03:47 PM, Prabhakaran Kasinathan wrote:
> On 03/08/2013 12:36 PM, Prabhakaran Kasinathan wrote:
> > I would like to start this thread again, since I am looking for anomaly
> > detection in Suricata.
> > I read from your blogs and previous updates from Suricata that your
> > team was also working on anomaly detection in Suricata.
>
> Not sure what you're referring to here.
>
>
> http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/146-suricata-brainstorming-session-feb-7-2012
>
> In this it was mentioned (Anomaly Detection Potential)
Right, I think we discussed it. Can't remember the details of that
discussion, but I know we didn't decide to build something in this
direction.
>
> > In particular, my needs are some basic functions like profile
> > generation on a particular interface and triggering events in case of
> > deviation from the normal reference profile.
> >
> > I found this preprocessor in Snort, i.e. an Anomaly Detector
> > (http://anomalydetection.info/). It looks interesting.
> >
> > Is there some way to integrate this existing plugin into Suricata?
>
> There probably is, but our APIs are not compatible with Snort, so it will
> require quite a bit of dev work.
>
> Where should I start looking to integrate or to develop a similar kind of
> anomaly detection plugin? Does Suricata have such a plugin capability?
Please read:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Extending_Suricata
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------