[Oisf-users] Application awareness
Andreas Herz
andi at geekosphere.org
Wed Jul 20 06:52:39 UTC 2016
On 20/07/16 at 12:08, Vishal Kotalwar wrote:
> Thanks Andreas for the reply, appreciate it.
>
> what I can tell you is, how I may use this feature (probable use cases) if
> implemented.
>
> 1) Control or blocking of traffic: Example - I may want to allow
> Facebook.com but block the games (say Farmville) or facebook chat
Some of that might be already managed by rules but you will run into
issues nowadays, since more and more services are using HTTPS and we
can't look into encrypted traffic.
> 2) Statistics: I may want to know how many people are using Chrome browser
> in my network, more detailed could be chrome from desktop/laptop and mobile;
> next level could be which OS on those devices (e.g. windows, linux, mac,
> Blackberry, android, ios etc)
You could check for User-Agent in a rule and also use similiar rules to
detect the OS. I guess that should be possible already with the correct
rules.
> 3) Rate limit: I may want to rate limit video/audio streaming applications
> on my network to free up bandwidth
Well that's not really a task for Suricata, that would fit into other
tools/systems.
> On 20-Jul-16 12:41 AM, Andreas Herz wrote:
> >On 19/07/16 at 16:49, Vishal Kotalwar wrote:
> >>Hi All,
> >>
> >> I was going through all the information on suricata through different
> >>websites and articles but could not find any information on application
> >>recognition or classification capability. Does suricata have this feature or
> >>is it in road-map for next releases.
> >There is no dedicated application awareness although this depends on a
> >ruleset as well.
> >It is a feature we're looking into, but would need a lot of work.
> >
> >Do you have some more details about how you would want such a feature?
> >
>
> --
> Thanks & Regards,
> Vishal V. Kotalwar
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
--
Andreas Herz
More information about the Oisf-users
mailing list