[Oisf-users] suricata rule & alert message
Jason Ish
lists at ish.cx
Tue Apr 18 19:02:34 UTC 2017
On 18/04/17 03:13 AM, 박경호 wrote:
> Dear all,
>
> I have two questions.
>
> First,
>
> I want to use the ET Pro rulesets for Suricata instead of the open rulesets.
>
> So, I have tried to contact Proofpoint for several days.
> But I couldn't receive any response from Proofpoint. It was very, very
> difficult for me....
> If you know the contact email address, please let me know.
>
> Second,
> What does the timestamp in the alert message mean?
> Is it the start time of the packet? Whether it is or not, please explain it to me.
Yes, or at least close. In IDS mode the timestamp will be that of the
packet that ACK'd the triggering packet. So very close.
Jason
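The point in the reply above is that the alert timestamp is a packet capture time, not the moment the engine evaluated the rule, so it can be matched directly against packet timestamps from a pcap of the same flow. The following Python is an added example, not code from the thread or from the Suricata project. It assumes the fast.log line layout (timestamp in `%m/%d/%Y-%H:%M:%S.%f` form, followed by two spaces and `[**]`) and a constructed packet timeline in which the alert timestamp coincides with the ACK of the triggering packet, as the reply describes for IDS mode.

```python
# Added example (not from the mailing-list thread): correlate a Suricata
# fast.log alert timestamp with packet capture times from the same flow.
from datetime import datetime, timedelta, timezone

# Assumed fast.log timestamp layout; fast.log prints sensor-local time
# with no zone suffix, so the zone is supplied by the caller.
FAST_LOG_TS_FORMAT = "%m/%d/%Y-%H:%M:%S.%f"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample alert line (sid, addresses and message are made up).
FAST_LOG_LINE = (
    "04/18/2017-19:02:34.123456  [**] [1:1000001:1] EXAMPLE rule [**] "
    "[Classification: (null)] [Priority: 3] {TCP} 10.0.0.5:43210 -> 10.0.0.9:80"
)

# Constructed packet timeline of one TCP flow: (capture time in epoch
# microseconds, description). Integers avoid float rounding when comparing.
PACKETS = [
    (1492542154100000, "SYN client->server"),
    (1492542154110000, "SYN/ACK server->client"),
    (1492542154120000, "ACK + HTTP request client->server (triggering packet)"),
    (1492542154123456, "ACK server->client (ACK of the triggering packet)"),
    (1492542154200000, "HTTP response server->client"),
]


def parse_fast_log_timestamp(line: str, tz=timezone.utc) -> datetime:
    """Return the timestamp at the start of a fast.log line as an aware datetime.

    `tz` is the sensor's local zone; UTC is assumed here as the default.
    """
    stamp = line.split(" ", 1)[0]
    return datetime.strptime(stamp, FAST_LOG_TS_FORMAT).replace(tzinfo=tz)


def to_micros(dt: datetime) -> int:
    """Aware datetime -> integer epoch microseconds (exact, no float math)."""
    return (dt.astimezone(timezone.utc) - EPOCH) // timedelta(microseconds=1)


def match_alert_to_packet(line: str, packets, tolerance_us: int = 0):
    """Index of the packet whose capture time matches the alert timestamp.

    Returns None when no packet lies within `tolerance_us` microseconds,
    e.g. when the capture was cut before the ACK that carries the timestamp.
    """
    target = to_micros(parse_fast_log_timestamp(line))
    for index, (ts_us, _description) in enumerate(packets):
        if abs(ts_us - target) <= tolerance_us:
            return index
    return None


if __name__ == "__main__":
    idx = match_alert_to_packet(FAST_LOG_LINE, PACKETS)
    print("alert timestamp matches packet", idx, "->", PACKETS[idx][1])
```

When correlating against a real capture, pass the sensor's actual zone to `parse_fast_log_timestamp` and a small `tolerance_us` if the capture point and the sensor clock differ; a `None` result most often means the matching ACK was never captured rather than that the alert time is wrong.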