
<div dir="ltr">Dear Victor,<div><br></div><div style>I would like to start this thread again, Since I am looking for Anomaly detection in Suricata. </div><div style>I read from your blogs and previous updates from suricata that, your team were also working on anomaly detection on suricata.</div>


<div style><br></div><div style>In particular my needs are, with some basic functions like, profile generation on a particular interface and trigger events in case of deviation from normal reference profile. <br></div><div style>


<br></div><div style>I found this preprocessor in snort. i.e an Anomaly Detector (<a href="http://anomalydetection.info/">http://anomalydetection.info/</a>) . It looks interesting.  </div><div style><br></div><div style>

Is there someway to integrate this existing plugin into suricata? </div>

<div style><br></div><div class="gmail_extra"><br clear="all"><div>--<br>Best Regards,<br>Prabhakaran Kasinathan<br>+39 3279720502<br></div>

<br><br><div class="gmail_quote">On Sat, Nov 24, 2012 at 6:00 PM,  <span dir="ltr"><<a href="mailto:oisf-devel-request@openinfosecfoundation.org" target="_blank">oisf-devel-request@openinfosecfoundation.org</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Oisf-devel mailing list submissions to<br>

        <a href="mailto:oisf-devel@openinfosecfoundation.org">oisf-devel@openinfosecfoundation.org</a><br>

<br>

To subscribe or unsubscribe via the World Wide Web, visit<br>

        <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>

or, via email, send a message with subject or body 'help' to<br>

        <a href="mailto:oisf-devel-request@openinfosecfoundation.org">oisf-devel-request@openinfosecfoundation.org</a><br>

<br>

You can reach the person managing the list at<br>

        <a href="mailto:oisf-devel-owner@openinfosecfoundation.org">oisf-devel-owner@openinfosecfoundation.org</a><br>

<br>

When replying, please edit your Subject line so it is more specific<br>

than "Re: Contents of Oisf-devel digest..."<br>

<br>

<br>

Today's Topics:<br>

<br>

   1. Suricata Preprocessor (ayoub sabbar)<br>

   2. Re: Suricata Preprocessor (Victor Julien)<br>

<br>

<br>

----------------------------------------------------------------------<br>

<br>

Message: 1<br>

Date: Fri, 23 Nov 2012 17:08:11 +0000<br>

From: ayoub sabbar <<a href="mailto:sabbarayoub@hotmail.fr">sabbarayoub@hotmail.fr</a>><br>

To: <<a href="mailto:oisf-devel@openinfosecfoundation.org">oisf-devel@openinfosecfoundation.org</a>><br>

Subject: [Oisf-devel] Suricata Preprocessor<br>

Message-ID: <COL123-W4344834E4B358BEC8F0FB0DB5A0@phx.gbl><br>

Content-Type: text/plain; charset="iso-8859-1"<br>

<br>

<br>

 hello,<br>

<br>

  I'm working on a project which is the integration of a preprocessor in suricata. So I want to know if it is possible to do that,<br>

  And if it is possible I want some help from you because i didn't find lot of informations using internet ?<br>

<br>

Best Regards<br>

<br>

-------------- next part --------------<br>

An HTML attachment was scrubbed...<br>

URL: <<a href="http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20121123/2f87d945/attachment-0001.html" target="_blank">http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20121123/2f87d945/attachment-0001.html</a>><br>


<br>

------------------------------<br>

<br>

Message: 2<br>

Date: Fri, 23 Nov 2012 18:20:15 +0100<br>

From: Victor Julien <<a href="mailto:victor@inliniac.net">victor@inliniac.net</a>><br>

To: <a href="mailto:oisf-devel@openinfosecfoundation.org">oisf-devel@openinfosecfoundation.org</a><br>

Subject: Re: [Oisf-devel] Suricata Preprocessor<br>

Message-ID: <<a href="mailto:50AFB04F.1070201@inliniac.net">50AFB04F.1070201@inliniac.net</a>><br>

Content-Type: text/plain; charset=ISO-8859-1<br>

<br>

On 11/23/2012 06:08 PM, ayoub sabbar wrote:<br>

>  hello,<br>

><br>

>   I'm working on a project which is the integration of a preprocessor in suricata. So I want to know if it is possible to do that,<br>

>   And if it is possible I want some help from you because i didn't find lot of informations using internet ?<br>

<br>

I assume you're referring to a Snort preprocessor you want to port to<br>

Suricata?<br>

<br>

There are quite a few places to hook into Suricata. The right place<br>

depends on what the purpose of your module is. What are you trying to<br>

achieve?<br>

<br>

Cheers,<br>

Victor<br>

<br>

--<br>

---------------------------------------------<br>

Victor Julien<br>

<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>

PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>

---------------------------------------------<br>

<br>

<br>

<br>

------------------------------<br>

<br>

_______________________________________________<br>

Oisf-devel mailing list<br>

<a href="mailto:Oisf-devel@openinfosecfoundation.org">Oisf-devel@openinfosecfoundation.org</a><br>

<a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>

<br>

End of Oisf-devel Digest, Vol 35, Issue 18<br>

******************************************<br>

</blockquote></div><br></div></div>