[Oisf-users] suricata rule & alert message

Jason Williams jwilliams at emergingthreats.net
Wed Apr 19 01:25:51 UTC 2017


If there's something specific you're looking for, I may be able to help off
list. There is not a repository of pcap files correlating to ET rules
publicly available that I am aware of.

Thanks,

Jason

On Tue, Apr 18, 2017 at 8:03 PM, tidy at holonetsecurity.com <tidy at holonetsecurity.com> wrote:

> Hi Jason,
>    Sorry to jump in. Besides the open ET rulesets published on the
> website, is there a place we can get the relative pcap files to replay?
>
> -Tidy
>
> > On Apr 19, 2017, at 3:02 AM, Jason Ish <lists at ish.cx> wrote:
> >
> > On 18/04/17 03:13 AM, 박경호 wrote:
> >> Dear all,
> >> I have two questions.
> >> First,
> >> I want to use the ET Pro rulesets for Suricata instead of the open rulesets.
> >> So, I have tried to contact Proofpoint for several days.
> >> But I couldn't receive any response from Proofpoint. It was very, very
> >> difficult for me....
> >> If you know the email address to contact, please let me know.
> >>
> >> Second,
> >> What does the timestamp in the alert message mean?
> >> Is it the start time of the packet? Either way, please explain it to me.
> >
> > Yes, or at least close. In IDS mode the timestamp will be that of the
> > packet that ACK'd the triggering packet. So very close.
> >
> > Jason
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
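The answer above says that in IDS mode the alert timestamp is taken from the packet that ACK'd the triggering packet, so it should sit very close to the actual traffic. One way to check that on your own sensor is to compare each EVE alert's "timestamp" against the "flow.start" value Suricata includes in the alert record. The script below is an added example, not code from the mailing-list thread or from the Suricata project; the eve.json lines it parses are constructed sample records (placeholder signature IDs and addresses), laid out in the EVE JSON field names Suricata uses ("timestamp", "event_type", "alert.signature_id", "flow.start").

```python
"""Measure how far each Suricata EVE alert timestamp lies from its flow start.

Added example for the oisf-users thread on alert timestamps. The records in
SAMPLE_EVE are constructed, not real sensor output; only the field names
follow Suricata's EVE JSON alert format.
"""
import json
from datetime import datetime
from typing import Dict, List, Optional

# Constructed eve.json content: two alert records and one flow record.
# Signature IDs in the 1000000+ local range are placeholders.
SAMPLE_EVE = """\
{"timestamp":"2017-04-18T20:03:00.000512+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":40210,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL example signature A","severity":1},"flow":{"start":"2017-04-18T20:03:00.000100+0000"}}
{"timestamp":"2017-04-18T20:03:05.250000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
{"timestamp":"2017-04-18T20:04:10.900000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":51000,"dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL example signature B","severity":3},"flow":{"start":"2017-04-18T20:04:10.100000+0000"}}
"""


def parse_eve_ts(ts: str) -> datetime:
    """Parse an EVE timestamp such as 2017-04-18T20:03:00.000512+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def alert_lags(eve_text: str) -> List[Dict]:
    """Return one entry per alert record with its lag from flow start.

    lag_from_flow_start_s is None when the record carries no flow.start.
    Non-alert event types (flow, http, dns, ...) are skipped.
    """
    results = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        lag: Optional[float] = None
        start = rec.get("flow", {}).get("start")
        if start:
            lag = (parse_eve_ts(rec["timestamp"]) - parse_eve_ts(start)).total_seconds()
        results.append({
            "sid": rec["alert"]["signature_id"],
            "timestamp": rec["timestamp"],
            "lag_from_flow_start_s": lag,
        })
    return results


def alerts_lagging_more_than(eve_text: str, threshold_s: float) -> List[int]:
    """SIDs whose alert timestamp trails flow start by more than threshold_s.

    A large lag is normal for rules that match late in a long flow; an
    unexpectedly large one on a first-packet rule is worth a closer look
    at clock sources and capture timestamps on the sensor.
    """
    return [
        r["sid"] for r in alert_lags(eve_text)
        if r["lag_from_flow_start_s"] is not None
        and r["lag_from_flow_start_s"] > threshold_s
    ]


if __name__ == "__main__":
    for r in alert_lags(SAMPLE_EVE):
        print(f"sid={r['sid']} ts={r['timestamp']} lag={r['lag_from_flow_start_s']}s")
    print("over 0.5s:", alerts_lagging_more_than(SAMPLE_EVE, 0.5))
```

Run it against a real file with `alert_lags(open("/var/log/suricata/eve.json").read())`; the path is the common default but is an assumption, so adjust it to your deployment.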

