[Oisf-users] Advanced Features Examples?

Will Metcalf william.metcalf at gmail.com
Fri Jul 2 18:28:31 UTC 2010

Stick with us everybody we maybe a bit slow to respond to some
requests as we are all pretty drained after the release.



On Fri, Jul 2, 2010 at 1:10 PM, 0100 <suroot at gmail.com> wrote:
> Anyone?
> 0100
> On Wed, Jun 30, 2010 at 11:20 AM, 0100 <suroot at gmail.com> wrote:
>> Hi All,
>> Finally getting some time to play with Suricata. So far so good. I
>> have it building and running no problem, and have started trying to
>> get PF_RING working. Multicore performance is very impressive.
>> So now I want to start getting familiar with the more advanced
>> features but I'm having trouble figuring out how to write rules that
>> exercise these new features.
>> Here's some of the things that I think are actually implemented but I
>> can't figure out how to use them:
>> - Generally any new rule features above and beyond snort
>>  - I see mention of keywords in the release notes like http_headers
>> etc. How do you use these? Is there a place in the code I can look to
>> easily figure this out? Docs?
>>  - Port independent matching (how do I find out what the currently
>> supported protocols are for this?)
>> - What does rule profiling do and how does it work?
>> - IP Reputation - not clear on exactly what this even does much less
>> how to use it. Has this been implemented?
>> - Global variables: Do you just use flowbits for this and the engine
>> takes care of it? What are some examples of ways this could be used?
>> Thanks!
>> 0100
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

More information about the Oisf-users mailing list