[Oisf-users] suricata rule & alert message
tidy at holonetsecurity.com
Wed Apr 19 01:03:25 UTC 2017
Hi Jason,
Sorry to jump in. Besides the open ET rulesets published on the website, is there a place where we can get the related pcap files to replay?
-Tidy
> On Apr 19, 2017, at 3:02 AM, Jason Ish <lists at ish.cx> wrote:
>
> On 18/04/17 03:13 AM, 박경호 wrote:
>> Dear all,
>> I have two questions.
>> First,
>> I want to use the ET Pro rulesets for Suricata instead of the open rulesets.
>> So I have tried to contact Proofpoint for several days,
>> but I couldn't receive any response from Proofpoint. It was very, very difficult for me...
>> If you know the email address to contact, please let me know.
>>
>> Second,
>> What does the timestamp in the alert message mean?
>> Is it the start time of the packet? If not, please explain it to me.
>
> Yes, or at least close. In IDS mode the timestamp will be that of the packet that ACK'd the triggering packet. So very close.
>
> Jason
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users