[Oisf-users] Advanced Features Examples?
Will Metcalf
william.metcalf at gmail.com
Fri Jul 2 18:28:31 UTC 2010
Stick with us, everybody; we may be a bit slow to respond to some
requests as we are all pretty drained after the release.
Regards,
Will
On Fri, Jul 2, 2010 at 1:10 PM, 0100 <suroot at gmail.com> wrote:
> Anyone?
>
> 0100
>
> On Wed, Jun 30, 2010 at 11:20 AM, 0100 <suroot at gmail.com> wrote:
>> Hi All,
>>
>> Finally getting some time to play with Suricata. So far so good. I
>> have it building and running no problem, and have started trying to
>> get PF_RING working. Multicore performance is very impressive.
>>
>> So now I want to start getting familiar with the more advanced
>> features but I'm having trouble figuring out how to write rules that
>> exercise these new features.
>>
>> Here's some of the things that I think are actually implemented but I
>> can't figure out how to use them:
>>
>> - Generally any new rule features above and beyond Snort
>> - I see mention of keywords in the release notes like http_headers
>> etc. How do you use these? Is there a place in the code I can look to
>> easily figure this out? Docs?
>> - Port independent matching (how do I find out what the currently
>> supported protocols are for this?)
>> - What does rule profiling do and how does it work?
>> - IP Reputation - not clear on exactly what this even does much less
>> how to use it. Has this been implemented?
>> - Global variables: Do you just use flowbits for this and the engine
>> takes care of it? What are some examples of ways this could be used?
>>
>> Thanks!
>>
>> 0100
>>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>