[Oisf-users] Is there any possible Suricata could support OpenAppId?
Liao Zhuodi
liao_zd at foxmail.com
Fri Jan 30 09:29:44 UTC 2015
Suricata supports Lua scripts, and OpenAppID is actually functions in Lua, like this:
function DetectorInit(detectorInstance)
    gDetector = detectorInstance
    gDetector:addAppUrl(0, 0, 0, 52, 13, "msn.com", "/", "http:", "", 308)
    return gDetector
end
And the best part about OpenAppID is that it can generate app statistics. Does Suricata have a similar function?
#> u2openappid /var/log/snort/appstats-u2.log.1393807981
statTime="1393807860",appName="chrome",txBytes="6043",rxBytes="111267"
statTime="1393807860",appName="dns",txBytes="8708",rxBytes="38103"
OpenAppID: http://blog.snort.org/2014/03/firing-up-openappid.html
Liao