I think there is some added value from an incident response point of view. Not having to do much to identify if it is something already known.<div><br></div><div>I do however have to agree with Michał, there might be stuff that requires development time with higher priority than this (even for the community developers).</div><div><br></div><div><br><div>On Thursday, October 20, 2016, Michał Purzyński <<a href="mailto:michalpurzynski1@gmail.com">michalpurzynski1@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div></div><div>Even better to stop wasting development time on this security theater.</div><div>Event analysis can be augmented with current DNS/http/https and similar app analyzers. Esp. that TLS 1.3 will encrypt everything.</div><div><br>On 20 Oct 2016, at 05:18, Kevin Buchanan <<a href="javascript:_e(%7B%7D,'cvml','kevin@promithius.net');" target="_blank">kevin@promithius.net</a>> wrote:<br><br></div><blockquote type="cite"><div><div style="font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif"><div>Forgive me for interjecting. </div><div><br></div>I think it is extremely important not for the engine necessarily, but for event analysis.<div>Having all relevant data in one place is very valuable. This goes beyond simple stats.  </div><div><div><div><div><div><br></div><div>Thanks</div><div>Kevin Buchanan</div><div>CTO Promithius</div><div><br>---- On Wed, 19 Oct 2016 13:55:11 -0700 <b>Andreas Herz<<a href="javascript:_e(%7B%7D,'cvml','andi@geekosphere.org');" target="_blank">andi@geekosphere.org</a>></b> wrote ---- <br></div><blockquote style="border-left:1px solid #0000ff;padding-left:6px;margin:0 0 0 5px"><div>On 18/10/16 at 17:44, Devanath S wrote:<br>> Hi *,<br>> <br>> Snort/Cisco and Palo Alto n/ws talk very highly about openAppId support. Does<br>> Suricata support openAppId? or does it have something similar. 
Please<br>> suggest.<br><br>There was a discussion some time ago:<br><br><a href="https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>pipermail/oisf-users/2015-<wbr>January/004498.html</a><br><br>So it might be nice to support it, but IMHO it's not as nice as it<br>sounds. But if anyone wants to support/add it, contribute it :)<br><br>There might be more need for DPI similar support to detect more<br>applications especially within HTTP traffic.<br><br><br>-- <br>Andreas Herz<br>______________________________<wbr>_________________<br>Suricata IDS Devel mailing list: <a href="javascript:_e(%7B%7D,'cvml','oisf-devel@openinfosecfoundation.org');" rel="noreferrer" target="_blank">oisf-devel@<wbr>openinfosecfoundation.org</a><br>Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>participate/</a><br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-devel</a><br>Redmine: <a href="https://redmine.openinfosecfoundation.org/" rel="noreferrer" target="_blank">https://redmine.<wbr>openinfosecfoundation.org/</a><br>Suricata User Conference November 9-11 in Washington, DC: <a href="http://suricon.net" rel="noreferrer" target="_blank">http://suricon.net</a><br></div></blockquote><br></div><br></div></div></div></div></div></blockquote></div></blockquote></div></div>