[Oisf-devel] Adding a Custom Action to Suricata

Mário Costa mario.silva.costa at gmail.com
Mon Feb 22 23:16:53 UTC 2016


Hi Andreas,

I've checked that already.

I wanted to add a set of rules (signatures); when a signature is
detected, start a server (e.g. HTTP, or other) with a protocol
state machine to communicate with an incoming connection. Similar to
what Haka says it does, but at the TCP layer.

Still not sure if Suricata is the best tool for that ...

PS:
This page is missing
(https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Output_Plugins?parent=Suricata_Developers_Guide);
it is referenced in other plugins.

Thanks,
mc

On Mon, Feb 22, 2016 at 10:46 PM, Andreas Herz <andi at geekosphere.org> wrote:
> On 22/02/16 at 22:43, Mário Costa wrote:
>> I wanted to add a custom action to Suricata. Is there any Dev Guide? I
>> could use the help on that.
>
> Would you like to share with us what you have in mind?
>
> But this is our guide:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Developers_Guide
>
> --
> Andreas Herz


