[Oisf-users] Two Suricata Rule Questions

Nasir Bilal bilalbox at gmail.com
Thu Dec 24 17:12:26 UTC 2015


Hello OISF Users,

I have a couple of questions about Suricata/Snort rules:
1) Is there a way to reference a list of strings in a Suricata rule,
similar to the ipreputation engine, and the way it references external text
files full of IPs? We're looking at using Suricata for URL filtering.

2) Similar to the first question, is there a way to read specifically from
the SSL Server Certificate fields in the SSL/TLS handshake during HTTPS
session initiation? We'd like to perform URL filtering on HTTPS traffic
without SSL decrypt, and I know that many vendors do this by reading the
fields of the SSL server certificates.

Thanks everyone, and I look forward to your replies!

Regards,
Nasir Bilal