[Oisf-devel] Adding a Custom Action to Suricata

Victor Julien victor at inliniac.net
Tue Feb 23 12:23:09 UTC 2016


On 23-02-16 00:16, Mário Costa wrote:
> I wanted to add a set of rules (signature), when the signature is
> detected start a server (e.g. http, or other), with a protocol
> state machine, to communicate with an incoming connection. Similar to
> what Haka says it does, but at the tcp layer.

What kind of interaction are you seeking with a connection? In general
Suricata won't be able to start a server, although using the Lua
scripting you can do many things, including starting external processes
if you'd want. Not sure if that is wise though :)

Cheers,
Victor

> Still not sure if Suricata is the best tool for that ...
> 
> PS:
> This page is missing
> (https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Output_Plugins?parent=Suricata_Developers_Guide),
> is referenced in other plugins
> 
> Thanks,
> mc
> 
> On Mon, Feb 22, 2016 at 10:46 PM, Andreas Herz <andi at geekosphere.org> wrote:
>> On 22/02/16 at 22:43, Mário Costa wrote:
>>> I wanted to add a custom action to Suricata, is there any Dev Guide, I
>>> could use the help on that?
>>
>> Would you like to share with us what you have in mind?
>>
>> But this is our guide:
>>
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Developers_Guide
>>
>> --
>> Andreas Herz
>> _______________________________________________
>> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> Redmine: https://redmine.openinfosecfoundation.org/
>> Developer Training in Paris Sept 12-16: http://suricata-ids.org/training/
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



