<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>Even better to stop wasting development time on this security theater.</div><div>Event analysis can be augmented with current DNS/HTTP/HTTPS and similar app analyzers. Esp. that TLS 1.3 will encrypt everything.</div><div><br>On 20 Oct 2016, at 05:18, Kevin Buchanan <<a href="mailto:kevin@promithius.net">kevin@promithius.net</a>> wrote:<br><br></div><blockquote type="cite"><div><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"><div style="font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;"><div>Forgive me for interjecting. </div><div><br></div>I think it is extremely important not for the engine necessarily, but for event analysis.<div>Having all relevant data in one place is very valuable. This goes beyond simple stats.  </div><div><div><div><div class="zmail_extra"><div id="1"><br></div><div id="1">Thanks</div><div id="1">Kevin Buchanan</div><div id="1">CTO Promithius</div><div id="1"><br>---- On Wed, 19 Oct 2016 13:55:11 -0700 <b>Andreas Herz<<a href="mailto:andi@geekosphere.org">andi@geekosphere.org</a>></b> wrote ---- <br></div><blockquote style="border-left: 1px solid #0000FF; padding-left: 6px; margin:0 0 0 5px"><div>On 18/10/16 at 17:44, Devanath S wrote:<br>> Hi *,<br>> <br>> Snort/Cisco and Palo Alto n/ws talk very high about openAppId support. Does<br>> Suricata support openAppId? Or does it have something similar? Please<br>> suggest.<br><br>There was a discussion some time ago:<br><br><a href="https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html" target="_blank" rel="noreferrer">https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html</a><br><br>So it might be nice to support it, but IMHO it's not as nice as it<br>sounds. 
But if anyone wants to support/add it, contribute it :)<br><br>There might be more need for DPI similar support to detect more<br>applications especially within HTTP traffic.<br><br><br>-- <br>Andreas Herz<br>_______________________________________________<br>Suricata IDS Devel mailing list: <a href="mailto:oisf-devel@openinfosecfoundation.org" target="_blank" rel="noreferrer" mailid="oisf-devel%40openinfosecfoundation.org" subj="">oisf-devel@openinfosecfoundation.org</a><br>Site: <a href="http://suricata-ids.org" target="_blank" rel="noreferrer">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" target="_blank" rel="noreferrer">http://suricata-ids.org/participate/</a><br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank" rel="noreferrer">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>Redmine: <a href="https://redmine.openinfosecfoundation.org/" target="_blank" rel="noreferrer">https://redmine.openinfosecfoundation.org/</a><br>Suricata User Conference November 9-11 in Washington, DC: <a href="http://suricon.net" target="_blank" rel="noreferrer">http://suricon.net</a><br></div></blockquote><br></div><br></div></div></div></div></div></blockquote></body></html>