[Oisf-users] Suricata compatibility with SNORT VRT rules
Peter Manev
petermanev at gmail.com
Sat Feb 7 15:18:54 UTC 2015
On Fri, Feb 6, 2015 at 8:56 AM, Earl Eiland <earl.eiland at root9b.com> wrote:
> Aldeid's Suricata evaluation notes that VRT compatibility does not include
> some keywords (file_data, http_raw_uri were mentioned) and that OISF was
> working to integrate them. The test was in 2011, does Suricata now have all of
> the VRT keywords integrated?
>
Not all.
Do you have some specific keywords in mind?
If you run "suricata --list-keywords" you will be shown a list of
the keywords currently supported by the engine.
>
> Best Regards,
>
> Earl Eiland,
> Sr. Cyber Security Engineer,
> Emerging Technologies, root9B,
> San Antonio, Texas
--
Regards,
Peter Manev
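
An added example, not part of the original thread and not Suricata project code: a sketch that compares the option keywords used in a rule file against the list printed by `suricata --list-keywords`. The list format (a banner followed by `- name` lines), the sample rules and every function name here are assumptions constructed for illustration.

```python
import re

# Constructed stand-in for `suricata --list-keywords` output (assumed format).
SAMPLE_KEYWORD_LIST = """\
=====Supported keywords=====
- msg
- content
- flow
- http_uri
- sid
- rev
"""

# Constructed rules for illustration; "made_up_keyword" is deliberately fake.
SAMPLE_RULES = r"""
# comment line
alert tcp any any -> any 80 (msg:"demo one\; escaped"; flow:established; content:"a|3b|b"; http_uri; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"demo two"; content:"x"; made_up_keyword:1; sid:1000002; rev:1;)
"""

def parse_supported(text):
    """Collect keyword names from '- name' lines, skipping the banner."""
    return {m.group(1) for m in re.finditer(r"^[ \t]*-[ \t]*([\w.\-]+)", text, re.M)}

def rule_keywords(rule):
    """Return the option keyword names from one rule's (...) block."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    # Split on ';' not preceded by a backslash, so an escaped ';' stays in its value.
    opts = re.split(r"(?<!\\);", rule[start + 1:end])
    return [o.split(":", 1)[0].strip() for o in opts if o.strip()]

def unsupported(rules_text, supported):
    """Map each keyword missing from `supported` to the sids of rules using it."""
    missing = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = re.search(r"\bsid\s*:\s*(\d+)", line)
        for kw in rule_keywords(line):
            if kw not in supported:
                missing.setdefault(kw, []).append(sid.group(1) if sid else "?")
    return missing

if __name__ == "__main__":
    print(unsupported(SAMPLE_RULES, parse_supported(SAMPLE_KEYWORD_LIST)))
```

To use it on a real ruleset, pass the saved output of `suricata --list-keywords` and the contents of the rule file in place of the two constructed samples.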