[Oisf-devel] Does Suricata support openAppId?

Duarte Silva duarte.silva at serializing.me
Thu Oct 20 12:06:18 UTC 2016


I think there is some added value from an incident response point of view.
Not having to do much to identify if it is something already known.

I do, however, have to agree with Michał: there might be stuff that requires
development time with higher priority than this (even for the community
developers).


On Thursday, October 20, 2016, Michał Purzyński <michalpurzynski1 at gmail.com>
wrote:

> Even better to stop wasting development time on this security theater.
> Event analysis can be augmented with current DNS/http/https and similar
> app analyzers. Esp. that TLS 1.3 will encrypt everything.
>
> On 20 Oct 2016, at 05:18, Kevin Buchanan <kevin at promithius.net> wrote:
>
> Forgive me for interjecting.
>
> I think it is extremely important not for the engine necessarily, but for
> event analysis.
> Having all relevant data in one place is very valuable. This goes beyond
> simple stats.
>
> Thanks
> Kevin Buchanan
> CTO Promithius
>
> ---- On Wed, 19 Oct 2016 13:55:11 -0700 *Andreas Herz <andi at geekosphere.org>* wrote ----
>
> On 18/10/16 at 17:44, Devanath S wrote:
> > Hi *,
> >
> > Snort/Cisco and Palo Alto n/ws talk very highly about openAppId support.
> > Does Suricata support openAppId? Or does it have something similar? Please
> > suggest.
>
> There was a discussion some time ago:
>
> https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-January/004498.html
>
> So it might be nice to support it, but IMHO it's not as nice as it
> sounds. But if anyone wants to support/add it, contribute it :)
>
> There might be more need for DPI-like support to detect more
> applications, especially within HTTP traffic.
>
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Suricata User Conference November 9-11 in Washington, DC:
> http://suricon.net