[Oisf-devel] Question about the Detection possibilities Suricata

Peter Manev petermanev at gmail.com
Mon Mar 30 12:21:14 UTC 2015


On Mon, Mar 30, 2015 at 1:56 PM, Vasily A. Sartakov
<sartakov at ksyslabs.org> wrote:
>
>> On 30 March 2015, at 14:17, Nick de Bruijn <nick_hyves at hotmail.com> wrote:
>>
>> Dear oisf-devel,
>>
>> I was wondering if you could help me to find the answer to my question.
>>
>> I'm wondering if there are any possibilities (or plug-ins) for Suricata to scan network behavior to detect attacks (anomaly-based scanning).
>
> If you are talking about machine learning, statistics, behavior, etc. - no, Suricata cannot detect this kind of anomaly.
>
>> Or is Suricata bound to signatures / rules (misuse-based scanning)?
>
> signatures/rules/specifications

Lua scripting as well (ET example) -
https://github.com/EmergingThreats/et-luajit-scripts

>
>
>> You would very much help me to answer this question.
>>
>> Kind regards,
>> Nick
>> _______________________________________________
>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> Redmine: https://redmine.openinfosecfoundation.org/
>
> --
> Vasily A. Sartakov
> sartakov at ksyslabs.org



-- 
Regards,
Peter Manev


