[Oisf-devel] Does Suricata support openAppId?

Kevin Buchanan kevin at promithius.net
Thu Oct 20 03:18:44 UTC 2016


Forgive me for interjecting. 


I think it is extremely important, not necessarily for the engine, but for event analysis. Having all relevant data in one place is very valuable. This goes beyond simple stats.


Thanks
Kevin Buchanan
CTO Promithius

---- On Wed, 19 Oct 2016 13:55:11 -0700 Andreas Herz <andi at geekosphere.org> wrote ----

On 18/10/16 at 17:44, Devanath S wrote:
> Hi *,
> 
> Snort/Cisco and Palo Alto n/ws talk very high about openAppId support. Does
> Suricata support openAppId? or does it have something similar. Please
> suggest.

There was a discussion some time ago:

https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html

So it might be nice to support it, but IMHO it's not as nice as it
sounds. But if anyone wants to support/add it, contribute it :)

There might be more need for DPI similar support to detect more
applications especially within HTTP traffic.


-- 
Andreas Herz