[Oisf-users] Suricata File Carving - Malware Detection

Kevin Ross kevross33 at googlemail.com
Thu Apr 14 09:04:45 UTC 2011


Oh right. And even if it isn't Suricata itself, is it something that could be
"part" of Suricata, i.e. something you can install when you install Suricata,
or is this sort of thing not going to be done? I know file entropy was on
the possible features list after the last meeting, so I guess you mean to
have Suricata dump it to disk and then another post-processing tool check
the file (or score it, i.e. a value of entropy, IATs, AV before a file is
determined to be malicious or likely malicious).

On 14 April 2011 09:25, Victor Julien <victor at inliniac.net> wrote:

> On 04/14/2011 10:16 AM, Kevin Ross wrote:
> > Probably. I am not a programmer so I am unsure of the practicalities of
> > implementing a dream :) With multiple unified files would it all be able to
> > be processed into a single front end (i.e. barnyard2 into a database for
> > viewing in BASE or snorby)?
>
> Usually frontends like that support multiple "sensors" which we would
> have in this case. One sensor would be Suricata, another the file post
> processing tool.
>
> Cheers,
> Victor
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
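The kind of entropy scorer this thread talks about, as an added example that is not code from Suricata or from anyone on the list: it computes the Shannon entropy of each file in a dump directory and flags buffers above a threshold. The threshold value and the sample blobs are assumptions constructed for illustration.

```python
import math
import os
import random
from collections import Counter

# Assumed threshold in bits per byte; packed or encrypted payloads tend to
# sit near 8.0, plain text and uncompressed code well below. Tune per corpus.
HIGH_ENTROPY = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def score_file(data: bytes) -> dict:
    """Build a score record for one carved file buffer."""
    ent = shannon_entropy(data)
    return {"size": len(data), "entropy": round(ent, 3), "high_entropy": ent >= HIGH_ENTROPY}


def score_directory(path: str) -> list:
    """Score every regular file in a dump directory (e.g. where carved files land)."""
    results = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                rec = score_file(fh.read())
            rec["name"] = name
            results.append(rec)
    return results


# Constructed samples: repetitive protocol text vs. a seeded pseudo-random blob
# standing in for a packed or encrypted payload.
SAMPLE_TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 64
_rng = random.Random(1234)
SAMPLE_RANDOM = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for label, blob in (("text", SAMPLE_TEXT), ("random-like", SAMPLE_RANDOM)):
        print(label, score_file(blob))
```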