[Oisf-users] suricata rule & alert message

tidy at holonetsecurity.com
Wed Apr 19 01:03:25 UTC 2017


Hi Jason,
   Sorry to jump in. Besides the open ET rulesets published on the website, is there a place we can get the related pcap files to replay?

-Tidy

> On Apr 19, 2017, at 3:02 AM, Jason Ish <lists at ish.cx> wrote:
> 
> On 18/04/17 03:13 AM, 박경호 wrote:
>> Dear all,
>> I have two questions.
>> First,
>> I want to use the ET Pro rulesets for Suricata instead of the open rulesets.
>> So I have tried to contact Proofpoint for several days.
>> But I couldn't get any response from Proofpoint. It was very, very difficult for me....
>> If you know the email address to contact, please let me know.
>> Second,
>> What does the timestamp in the alert message mean?
>> Is it the start time of the packet? If not, please explain it to me.
> 
> Yes, or at least close. In IDS mode the timestamp will be that of the packet that ACK'd the triggering packet. So very close.
> 
> Jason
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
