<div dir="ltr">If there's something specific you're looking for, I may be able to help off list. There is not a repository of pcap files correlating to ET rules publicly available that I am aware of.<div><br><div><div>Thanks,</div><div><br></div><div>Jason </div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 18, 2017 at 8:03 PM, <a href="mailto:tidy@holonetsecurity.com">tidy@holonetsecurity.com</a> <span dir="ltr"><<a href="mailto:tidy@holonetsecurity.com" target="_blank">tidy@holonetsecurity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jason,<br>
Sorry to jump in, besides the open ET rulesets published on the website, is there a place we can get the relative Pcap files to replay.<br>
<span class="HOEnZb"><font color="#888888"><br>
-Tidy<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
> On Apr 19, 2017, at 3:02 AM, Jason Ish <<a href="mailto:lists@ish.cx">lists@ish.cx</a>> wrote:<br>
><br>
> On 18/04/17 03:13 AM, 박경호 wrote:<br>
>> Dear all,<br>
>> i have two questions.<br>
>> First,<br>
>> i want to use the ET pro rulesets for suricata instead of open rulesets.<br>
>> So, I have tried to contact with proofpoint company for several days.<br>
>> But i couldn't receive any response from proofpoint. It was very very difficult for me....<br>
>> If you know the email address for contact, please let me know the email.<br>
>> <br>
>> Second,<br>
>> What's mean the timestamp in alert message?<br>
>> is it the start time of the packet ? if or not, please explain to me.<br>
><br>
> Yes, or at least close. In IDS mode the timestamp will be that of the packet that ACK'd the triggering packet. So very close.<br>
><br>
> Jason<br>
><br>
> ______________________________<wbr>_________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br>
______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
</div></div></blockquote></div><br></div>