<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Jason, </div><div class=""><br class=""></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>I would like to visualise and associate the ET rulesets, pcap files and related event log in web to further study, and I would like also compare the same detection rate between suricata and snort for the same files.</div><div class=""><br class=""></div><div class=""> Very appreciated you can help give Pcap files.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">-Tidy</div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 19, 2017, at 9:25 AM, Jason Williams <<a href="mailto:jwilliams@emergingthreats.net" class="">jwilliams@emergingthreats.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">If there's something specific you're looking for, I may be able to help off list. There is not a repository of pcap files correlating to ET rules publicly available that I am aware of.<div class=""><br class=""><div class=""><div class="">Thanks,</div><div class=""><br class=""></div><div class="">Jason </div></div></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Tue, Apr 18, 2017 at 8:03 PM, <a href="mailto:tidy@holonetsecurity.com" class="">tidy@holonetsecurity.com</a> <span dir="ltr" class=""><<a href="mailto:tidy@holonetsecurity.com" target="_blank" class="">tidy@holonetsecurity.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jason,<br class="">
Sorry to jump in, besides the open ET rulesets published on the website, is there a place we can get the relative Pcap files to replay.<br class="">
<span class="HOEnZb"><font color="#888888" class=""><br class="">
-Tidy<br class="">
</font></span><div class="HOEnZb"><div class="h5"><br class="">
> On Apr 19, 2017, at 3:02 AM, Jason Ish <<a href="mailto:lists@ish.cx" class="">lists@ish.cx</a>> wrote:<br class="">
><br class="">
> On 18/04/17 03:13 AM, 박경호 wrote:<br class="">
>> Dear all,<br class="">
>> i have two questions.<br class="">
>> First,<br class="">
>> i want to use the ET pro rulesets for suricata instead of open rulesets.<br class="">
>> So, I have tried to contact with proofpoint company for several days.<br class="">
>> But i couldn't receive any response from proofpoint. It was very very difficult for me....<br class="">
>> If you know the email address for contact, please let me know the email.<br class="">
>> <br class="">
>> Second,<br class="">
>> What's mean the timestamp in alert message?<br class="">
>> is it the start time of the packet ? if or not, please explain to me.<br class="">
><br class="">
> Yes, or at least close. In IDS mode the timestamp will be that of the packet that ACK'd the triggering packet. So very close.<br class="">
><br class="">
> Jason<br class="">
><br class="">
> ______________________________<wbr class="">_________________<br class="">
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" class="">oisf-users@<wbr class="">openinfosecfoundation.org</a><br class="">
> Site: <a href="http://suricata-ids.org/" rel="noreferrer" target="_blank" class="">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank" class="">http://suricata-ids.org/<wbr class="">support/</a><br class="">
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank" class="">https://lists.<wbr class="">openinfosecfoundation.org/<wbr class="">mailman/listinfo/oisf-users</a><br class="">
<br class="">
______________________________<wbr class="">_________________<br class="">
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" class="">oisf-users@<wbr class="">openinfosecfoundation.org</a><br class="">
Site: <a href="http://suricata-ids.org/" rel="noreferrer" target="_blank" class="">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank" class="">http://suricata-ids.org/<wbr class="">support/</a><br class="">
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank" class="">https://lists.<wbr class="">openinfosecfoundation.org/<wbr class="">mailman/listinfo/oisf-users</a><br class="">
</div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>