[Oisf-users] Query about suri and ET CURRENT_EVENTS - Applet Tag In Edwards Packed JavaScript - 2015708
Russell Fulton
r.fulton at auckland.ac.nz
Tue Oct 21 03:04:20 UTC 2014
On 21/10/2014, at 3:52 pm, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> Probably just means the sig is triggering on a later packet.
>
> I'm pretty sure suri only logs packets that match a signature.
Hmmm… I am seeing quite a few cases where suri is logging a stream of packets - always for an http download.
> This is
> why it's recommended to use an indexed full-packet capture system along
> with an IDS.
Agreed. I wish I had the resources to run moloch, at the moment I am making do with streamdb.
Russell