[Oisf-users] File carving techniques with suricata
C. L. Martinez
carlopmart at gmail.com
Tue Feb 19 09:30:41 UTC 2013
Hi all,
I would like to deploy some type of file carving technique (automated
or not) in my actual infrastructure (three suricata sensors with full
pcap traffic captured). In this first stage, I am only interested in
Office (Word and Excel files) and PDF files (and only those that come via
HTTP requests), sending them to a ClamAV process or analyzing them using
Cuckoo sandbox.
I see something like this in
https://home.regit.org/2012/10/defend-your-network-from-word/, but my
sensors are in IDS mode.
Has anybody tried something like this? Any tips or examples?
Thanks.