[Oisf-users] Advanced Features Examples?

Will Metcalf william.metcalf at gmail.com
Fri Jul 2 18:28:31 UTC 2010


Stick with us everybody we maybe a bit slow to respond to some
requests as we are all pretty drained after the release.

Regards,

Will

On Fri, Jul 2, 2010 at 1:10 PM, 0100 <suroot at gmail.com> wrote:
> Anyone?
>
> 0100
>
> On Wed, Jun 30, 2010 at 11:20 AM, 0100 <suroot at gmail.com> wrote:
>> Hi All,
>>
>> Finally getting some time to play with Suricata. So far so good. I
>> have it building and running no problem, and have started trying to
>> get PF_RING working. Multicore performance is very impressive.
>>
>> So now I want to start getting familiar with the more advanced
>> features but I'm having trouble figuring out how to write rules that
>> exercise these new features.
>>
>> Here's some of the things that I think are actually implemented but I
>> can't figure out how to use them:
>>
>> - Generally any new rule features above and beyond snort
>>  - I see mention of keywords in the release notes like http_headers
>> etc. How do you use these? Is there a place in the code I can look to
>> easily figure this out? Docs?
>>  - Port independent matching (how do I find out what the currently
>> supported protocols are for this?)
>> - What does rule profiling do and how does it work?
>> - IP Reputation - not clear on exactly what this even does much less
>> how to use it. Has this been implemented?
>> - Global variables: Do you just use flowbits for this and the engine
>> takes care of it? What are some examples of ways this could be used?
>>
>> Thanks!
>>
>> 0100
>>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>



More information about the Oisf-users mailing list