[Oisf-users] Correlating Suricata Flows to Form HTTP Sessions

Cooper F. Nelson cnelson at ucsd.edu
Wed Sep 2 23:20:28 UTC 2015



Such a thing does not exist; HTTP is a stateless protocol:

> https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#HTTP_session_state

-Coop

On 9/1/2015 7:50 PM, Vipul Hari wrote:
> Hi,
> 
> I am using Suricata (2.1beta4) to develop an IDP/IPS solution based on
> insights derived from a user's browsing activity.
> 
> The key metrics I am looking for are:
> 1. top websites being visited
> 2. amount of time spent on each website**


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042