<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr">The way to do it is to decrypt ssl prior to suricata. </div><div dir="ltr"><br></div><div dir="ltr"><br>On Nov 1, 2018, at 1:10 PM, Jordon Carpenter <<a href="mailto:jordon.carpenter@rooksecurity.com">jordon.carpenter@rooksecurity.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr"><style>body{font-family:Helvetica,Arial;font-size:13px}</style><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;margin:0px;line-height:auto">Thanks for the response!</div> <br> <div id="bloop_sign_1541102991343770880" class="bloop_sign"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:14px;font-family:roboto,sans-serif"><strong><span style="color:rgb(0,0,0)">Thanks,<br>Jordon Carpenter</span></strong></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><a href="https://www.rooksecurity.com/" target="_blank" style="color:rgb(0,0,0)">Rook Security</a></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><em><span style="color:rgb(0,0,0)">Anticipate, Manage, & Eliminate Threats</span></em></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif">O: <a href="tel:(888)%20712-9531" value="+18887129531" target="_blank" style="color:rgb(17,85,204)">888.712.9531 x734</a></span><br 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal"><span style="font-variant-ligatures:normal;font-size:12px;font-family:calibri,sans-serif"><span style="font-family:roboto,sans-serif">E: <a href="mailto:jordon.carpenter@rooksecurity.com" target="_blank" style="color:rgb(17,85,204)">jordon.carpenter@rooksecurity.<wbr>com</a><br><br></span><span style="font-family:roboto,sans-serif"><a href="https://www.facebook.com/rookteam" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-FB.png" border="0" alt="rookteam" class="CToWUd"></a> <a href="https://twitter.com/rooksecurity" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-TW.png" border="0" alt="rooksecurity" class="CToWUd"></a> <a href="https://www.linkedin.com/company/rook-security" target="_blank" style="color:rgb(17,85,204)"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-LI.png" border="0" alt="Rook LinkedIn" class="CToWUd"></a></span><br><br><br><span style="font-size:10px"><span style="font-family:roboto,sans-serif">This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.</span></span></span></div> <br><p class="airmail_on">On November 1, 2018 at 3:53:23 PM, Cooper F. Nelson (<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div text="#000000" bgcolor="#FFFFFF"><div></div><div>
<p>Not currently.</p>
<p>Some vendors are starting to sell switched taps that have this
functionality, however.<br></p>
<p>-Coop<br></p>
<br>
<div class="moz-cite-prefix">On 11/1/2018 12:50 PM, Jordon
Carpenter wrote:<br></div>
<blockquote type="cite" cite="mid:CAAQNPCjB5VpEgJUbK0u5jQ9Bnydrtw5XW-QSNTYMPKFsTjHqTA@mail.gmail.com">
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;margin:0px;line-height:auto">
Is suricata able to fully decrypt SSL if it has the appropriate
keys?</div>
<br>
<br>
<br>
<pre>_______________________________________________
Suricata IDS Users mailing list: <a class="moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>
Site: <a class="moz-txt-link-freetext" href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a class="moz-txt-link-freetext" href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a>
List: <a class="moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
Conference: <a class="moz-txt-link-freetext" href="https://suricon.net">https://suricon.net</a>
Trainings: <a class="moz-txt-link-freetext" href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></pre></blockquote>
<br>
<pre class="moz-signature" cols="72">--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
<a class="moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042</pre>
</div></div></span></blockquote>
</div></blockquote></body></html>