<div dir="ltr"><br><div class="gmail_extra"><br clear="all"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<br>Message: 4<br>
Date: Wed, 13 Mar 2013 16:41:11 +0100<br>
From: Victor Julien <<a href="mailto:victor@inliniac.net">victor@inliniac.net</a>><br>
To: <a href="mailto:oisf-devel@openinfosecfoundation.org">oisf-devel@openinfosecfoundation.org</a><br>
Subject: Re: [Oisf-devel] Oisf-devel Digest, Vol 35, Issue 18<br>
Message-ID: <<a href="mailto:51409E17.4040906@inliniac.net">51409E17.4040906@inliniac.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
On 03/08/2013 12:36 PM, Prabhakaran Kasinathan wrote:<br>
> I would like to start this thread again, since I am looking for anomaly<br>
> detection in Suricata.<br>
> I read from your blogs and previous updates from Suricata that your<br>
> team was also working on anomaly detection in Suricata.<br>
<br>
Not sure what you're referring to here.<br></blockquote><div><br></div><div><a href="http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/146-suricata-brainstorming-session-feb-7-2012">http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/146-suricata-brainstorming-session-feb-7-2012</a> </div>

<div><br></div><div style>In this it was mentioned (Anomaly Detection Potential)</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


<br>
> In particular my needs are, with some basic functions like, profile<br>
> generation on a particular interface and trigger events in case of<br>
> deviation from normal reference profile.<br>
><br>
> I found this preprocessor in Snort, i.e. an Anomaly Detector<br>
> (<a href="http://anomalydetection.info/" target="_blank">http://anomalydetection.info/</a>). It looks interesting.<br>
><br>
> Is there some way to integrate this existing plugin into Suricata?<br>
<br>
There probably is, but our APIs are not compatible with Snort, so it will<br>
require quite a bit of dev work.<br>
<br>
--<br></blockquote><div> </div><div>Where should I start looking to integrate or to develop a similar kind of anomaly detection plugin? Does Suricata have such a plugin capability? </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
End of Oisf-devel Digest, Vol 39, Issue 9<br>
*****************************************<br>
</blockquote></div><br></div></div>