[Oisf-users] suricata rule & alert message

tidy at holonetsecurity.com tidy at holonetsecurity.com
Wed Apr 19 07:46:46 UTC 2017


Jason, 

	I would like to visualise and associate the ET rulesets, pcap files and related event logs on the web for further study, and I would also like to compare the detection rate between Suricata and Snort for the same files.

	I would very much appreciate any help in getting pcap files.


-Tidy


> On Apr 19, 2017, at 9:25 AM, Jason Williams <jwilliams at emergingthreats.net> wrote:
> 
> If there's something specific you're looking for, I may be able to help off list. There is not a repository of pcap files correlating to ET rules publicly available that I am aware of.
> 
> Thanks,
> 
> Jason 
> 
> On Tue, Apr 18, 2017 at 8:03 PM, tidy at holonetsecurity.com <tidy at holonetsecurity.com> wrote:
> Hi Jason,
>    Sorry to jump in; besides the open ET rulesets published on the website, is there a place we can get the related pcap files to replay?
> 
> -Tidy
> 
> > On Apr 19, 2017, at 3:02 AM, Jason Ish <lists at ish.cx> wrote:
> >
> > On 18/04/17 03:13 AM, 박경호 wrote:
> >> Dear all,
> >> I have two questions.
> >> First,
> >> I want to use the ET Pro rulesets for Suricata instead of the open rulesets.
> >> So, I have tried to contact the Proofpoint company for several days.
> >> But I couldn't receive any response from Proofpoint. It was very, very difficult for me....
> >> If you know the email address for contact, please let me know the email.
> >>
> >> Second,
> >> What does the timestamp in the alert message mean?
> >> Is it the start time of the packet? If not, please explain it to me.
> >
> > Yes, or at least close. In IDS mode the timestamp will be that of the packet that ACK'd the triggering packet. So very close.
> >
> > Jason
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
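Jason Ish's point above (that in IDS mode the alert timestamp belongs to the packet that ACK'd the triggering packet) matters when correlating eve.json alerts back to a pcap. The following Python is an added example, not code from the thread or from the Suricata project: the packet trace and alert record are constructed sample data, and the direction logic assumes only standard TCP behaviour (the ACK flows opposite to the data it acknowledges).

```python
from collections import namedtuple
from datetime import datetime

Pkt = namedtuple("Pkt", "ts src sport dst dport flags payload_len")

# Constructed three-packet exchange: client sends an HTTP request (the
# packet a rule would match), the server ACKs it, then the server answers.
PACKETS = [
    Pkt("2017-04-19T07:46:45.998000+0000", "10.0.0.5", 51234, "203.0.113.7", 80, "PA", 142),
    Pkt("2017-04-19T07:46:46.000123+0000", "203.0.113.7", 80, "10.0.0.5", 51234, "A", 0),
    Pkt("2017-04-19T07:46:46.004000+0000", "203.0.113.7", 80, "10.0.0.5", 51234, "PA", 512),
]

# Constructed eve.json alert (only the fields used here); the timestamp is
# the ACK's, which is what IDS mode records according to the thread above.
ALERT = {"timestamp": "2017-04-19T07:46:46.000123+0000",
         "src_ip": "10.0.0.5", "src_port": 51234,
         "dest_ip": "203.0.113.7", "dest_port": 80}

def parse_ts(ts):
    """eve.json timestamps look like 2017-04-19T07:46:46.000123+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def same_flow(pkt, alert):
    """True if the packet belongs to the alert's 4-tuple in either direction."""
    a = (alert["src_ip"], alert["src_port"], alert["dest_ip"], alert["dest_port"])
    return ((pkt.src, pkt.sport, pkt.dst, pkt.dport) == a
            or (pkt.dst, pkt.dport, pkt.src, pkt.sport) == a)

def packet_at_alert_time(alert, packets):
    """Naive lookup by exact timestamp. In IDS mode this returns the ACK,
    a packet with no payload, not the data that matched the rule."""
    t = parse_ts(alert["timestamp"])
    hits = [p for p in packets if same_flow(p, alert) and parse_ts(p.ts) == t]
    return hits[0] if hits else None

def triggering_packet(alert, packets):
    """The payload packet the ACK acknowledged: the latest payload-bearing
    packet in the same flow, sent in the opposite direction to the ACK,
    at or before the alert time. Returns None if no ACK is found."""
    ack = packet_at_alert_time(alert, packets)
    if ack is None:
        return None
    t = parse_ts(alert["timestamp"])
    candidates = [p for p in packets
                  if same_flow(p, alert) and p.payload_len > 0
                  and p.src == ack.dst and p.sport == ack.dport
                  and parse_ts(p.ts) <= t]
    return max(candidates, key=lambda p: parse_ts(p.ts)) if candidates else None
```

With the constructed trace, the exact-timestamp lookup returns the empty ACK while triggering_packet returns the 142-byte client request, which is the packet to inspect when checking why a rule fired.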
