[Oisf-users] suricata rule & alert message

erik clark philosnef at gmail.com
Wed Apr 19 11:46:01 UTC 2017


Tidy, I had recently done a thorough side-by-side analysis of Suricata ET
Pro, Snort ET Pro, the ET Pro intel feed, and Cisco Talos (for Snort and, where
feasible, for Suricata). I worked extensively with the folks at ET (afaict
you don't contact Proofpoint directly, but the support people at ET,
assuming you actually have an ET Pro license), and had a lot of success
during my pilot phase. If you would like to take this off-list with Jason
Williams and myself, I am sure we can get you relevant information for your
questions.

---
Jason,

I would like to visualise and associate the ET rulesets, pcap files
and the related event logs on the web for further study, and I would also like to
compare the detection rate between Suricata and Snort for the same
files.

It would be very much appreciated if you could help provide pcap files.


-Tidy
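The comparison Tidy asks for (same pcap, Suricata vs. Snort, which rules fired) can be done from the engines' JSON alert output. The script below is an added example, not code from the list thread or from either project: it tallies alerts per (gid, sid) from a Suricata eve.json file (the documented `event_type: "alert"` / `alert.signature_id` shape) and from Snort's JSON alert output, then reports which rules both engines fired, which only one did, and where the hit counts differ. The Snort record shape with a `rule` field holding `gid:sid:rev` follows Snort 3's `alert_json` output as I understand it and is an assumption here; the sample records, the function names and the SID values other than the well-known 2100498 are constructed for the example.

```python
import json
import sys
from typing import Dict, Iterable, Tuple

RuleId = Tuple[int, int]  # (gid, sid): the pair that identifies a rule in both engines

# Constructed sample output for ONE pcap (not captured from a real run).
SURICATA_EVE_LINES = [
    '{"timestamp":"2017-04-19T11:46:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":34567,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2017-04-19T11:46:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    '{"timestamp":"2017-04-19T11:46:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":51000,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2010000,"rev":3,"signature":"CONSTRUCTED example rule A","category":"Example","severity":3}}',
    '{"timestamp":"2017-04-19T11:46:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":34568,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
]

# Assumed Snort 3 alert_json shape: one object per line, "rule" = "gid:sid:rev".
SNORT_JSON_LINES = [
    '{"timestamp":"04/19-11:46:01.000000","pkt_num":12,"proto":"TCP","dir":"C2S","src_ap":"10.0.0.5:34567","dst_ap":"10.0.0.9:80","rule":"1:2100498:7","action":"allow"}',
    '{"timestamp":"04/19-11:46:05.000000","pkt_num":40,"proto":"TCP","dir":"C2S","src_ap":"10.0.0.8:40000","dst_ap":"10.0.0.9:80","rule":"1:2010001:1","action":"allow"}',
]


def suricata_alerts(lines: Iterable[str]) -> Dict[RuleId, int]:
    """Count alerts per (gid, sid) in eve.json, skipping flow/stats/other events."""
    counts: Dict[RuleId, int] = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        alert = rec["alert"]
        key = (int(alert.get("gid", 1)), int(alert["signature_id"]))
        counts[key] = counts.get(key, 0) + 1
    return counts


def snort_alerts(lines: Iterable[str]) -> Dict[RuleId, int]:
    """Count alerts per (gid, sid) from Snort JSON alert lines (assumed "rule" field)."""
    counts: Dict[RuleId, int] = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rule = rec.get("rule")
        if not rule:
            continue
        gid, sid, _rev = rule.split(":")
        key = (int(gid), int(sid))
        counts[key] = counts.get(key, 0) + 1
    return counts


def compare_detections(suri: Dict[RuleId, int], snort: Dict[RuleId, int]) -> dict:
    """Set-wise comparison of which rules fired, plus count mismatches on shared rules."""
    s, n = set(suri), set(snort)
    both = s & n
    union = s | n
    return {
        "suricata_rules": len(s),
        "snort_rules": len(n),
        "both": sorted(both),
        "suricata_only": sorted(s - n),
        "snort_only": sorted(n - s),
        # Jaccard-style agreement on the set of rules that fired (1.0 = identical).
        "agreement": len(both) / len(union) if union else 1.0,
        "count_mismatch": {r: (suri[r], snort[r]) for r in sorted(both) if suri[r] != snort[r]},
    }


def report_for_pcap(pcap_name: str, eve_lines: Iterable[str], snort_lines: Iterable[str]) -> dict:
    """Run one pcap's worth of output from both engines through the comparison."""
    result = compare_detections(suricata_alerts(eve_lines), snort_alerts(snort_lines))
    result["pcap"] = pcap_name
    return result


if __name__ == "__main__":
    # Usage: compare_alerts.py <pcap name> <eve.json> <snort alert_json file>; no args = samples.
    if len(sys.argv) == 4:
        with open(sys.argv[2]) as eve, open(sys.argv[3]) as sn:
            out = report_for_pcap(sys.argv[1], eve, sn)
    else:
        out = report_for_pcap("sample.pcap", SURICATA_EVE_LINES, SNORT_JSON_LINES)
    print(json.dumps({k: (str(v) if isinstance(v, dict) else v) for k, v in out.items()}, indent=2, default=str))
```

Run the engines once per pcap (`suricata -r file.pcap` and the Snort equivalent) with the same ruleset loaded, then feed the two output files to the script; the `count_mismatch` entry is the first place to look when a rule fires in both engines but one of them sees more hits, which usually points at stream reassembly or protocol-parser differences rather than at the rule itself.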