[Oisf-devel] Does Suricata support openAppId?

Michał Purzyński michalpurzynski1 at gmail.com
Thu Oct 20 09:56:33 UTC 2016


Even better to stop wasting development time on this security theater.
Event analysis can be augmented with current DNS/HTTP/HTTPS and similar app analyzers. Especially given that TLS 1.3 will encrypt everything.

> On 20 Oct 2016, at 05:18, Kevin Buchanan <kevin at promithius.net> wrote:
> 
> Forgive me for interjecting. 
> 
> I think it is extremely important not for the engine necessarily, but for event analysis.
> Having all relevant data in one place is very valuable. This goes beyond simple stats.  
> 
> Thanks
> Kevin Buchanan
> CTO Promithius
> 
> ---- On Wed, 19 Oct 2016 13:55:11 -0700 Andreas Herz <andi at geekosphere.org> wrote ----
> On 18/10/16 at 17:44, Devanath S wrote:
> > Hi *,
> > 
> > Snort/Cisco and Palo Alto n/ws talk very highly about openAppId support. Does
> > Suricata support openAppId? Or does it have something similar? Please
> > suggest.
> 
> There was a discussion some time ago:
> 
> https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html
> 
> So it might be nice to support it, but IMHO it's not as nice as it
> sounds. But if anyone wants to support/add it, contribute it :)
> 
> There might be more need for DPI similar support to detect more
> applications especially within HTTP traffic.
> 
> 
> -- 
> Andreas Herz
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net