[Oisf-users] suricata rule & alert message
    erik clark 
    philosnef at gmail.com
       
    Wed Apr 19 11:46:01 UTC 2017
    
    
  
Tidy, I had recently done a thorough side-by-side analysis of Suricata ET
Pro, Snort ET Pro, the ET Pro intel feed, and Cisco Talos (for Snort and, where
feasible, for Suricata). I worked extensively with the folks at ET (afaict
you don't contact Proofpoint directly, but the support people at ET,
assuming you actually have an ET Pro license), and had a lot of success
during my pilot phase. If you would like to take this off-list with Jason
Williams and myself, I am sure we can get you relevant information for your
questions.
---
Jason,
        I would like to visualise and associate the ET rulesets, pcap files
and the related event logs on the web for further study, and I would also like
to compare the detection rate between Suricata and Snort for the same
files.
       I would very much appreciate it if you could help by providing pcap files.
-Tidy
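Tidy asks about comparing the detection rate of Suricata and Snort on the same pcap files. The script below is an added example, not code from this thread or from the OISF project: it runs both engines over one pcap and then tallies alerts per rule id from each engine's "fast" alert log, so the two result sets can be diffed. The config paths and the `compare_pcap` helper name are assumptions, and the alert lines embedded for the parsing functions are constructed samples with made-up SIDs, not real ET alerts.

```shell
#!/bin/sh
# Added example (not from the original post). Compare which rules fire in
# Suricata versus Snort on the same pcap by parsing each engine's fast-format
# alert log. Both Suricata's fast.log and Snort's "-A fast" output carry the
# rule id as "[gid:sid:rev]" on every alert line, so one parser serves both.

# Count alerts per [gid:sid:rev] from a fast-format log on stdin, most frequent first.
tally_sids() {
    grep -o '\[[0-9]*:[0-9]*:[0-9]*\]' | sort | uniq -c | sort -rn
}

# Number of distinct rules that fired in a fast-format log read on stdin.
distinct_sids() {
    grep -o '\[[0-9]*:[0-9]*:[0-9]*\]' | sort -u | wc -l | tr -d ' '
}

# Sorted, de-duplicated rule ids found in the fast-format log file $1.
sids_in_file() {
    grep -o '\[[0-9]*:[0-9]*:[0-9]*\]' "$1" | sort -u
}

# Rule ids present in log file $1 but absent from log file $2 (comm needs sorted input).
only_in_first() {
    a=$(mktemp); b=$(mktemp)
    sids_in_file "$1" > "$a"
    sids_in_file "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Run both engines on one pcap and print the per-engine tallies plus the
# rule ids that only one engine produced. Config paths are assumptions;
# adjust them to your installation. Assumes fast output is enabled in
# suricata.yaml (the default) and that Snort is a 2.x build supporting -A fast.
compare_pcap() {
    pcap="$1"
    out=$(mktemp -d)
    mkdir -p "$out/suricata" "$out/snort"
    suricata -c /etc/suricata/suricata.yaml -r "$pcap" -l "$out/suricata"
    snort -c /etc/snort/snort.conf -r "$pcap" -A fast -l "$out/snort"
    echo "== Suricata alerts per rule =="; tally_sids < "$out/suricata/fast.log"
    echo "== Snort alerts per rule ==";    tally_sids < "$out/snort/alert"
    echo "== Only Suricata fired ==";      only_in_first "$out/suricata/fast.log" "$out/snort/alert"
    echo "== Only Snort fired ==";         only_in_first "$out/snort/alert" "$out/suricata/fast.log"
}

# Constructed sample lines in each engine's fast-log layout (fictitious SIDs, not real ET rules).
SURICATA_SAMPLE='04/19/2017-11:46:01.000001  [**] [1:2000001:3] EXAMPLE rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.1:40000 -> 10.0.0.2:80
04/19/2017-11:46:02.000001  [**] [1:2000001:3] EXAMPLE rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.1:40001 -> 10.0.0.2:80
04/19/2017-11:46:03.000001  [**] [1:2000002:1] EXAMPLE rule B [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.1:53000 -> 10.0.0.3:53'
SNORT_SAMPLE='04/19-11:46:01.000001  [**] [1:2000001:3] EXAMPLE rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.1:40000 -> 10.0.0.2:80
04/19-11:46:03.000001  [**] [1:2000002:1] EXAMPLE rule B [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.1:53000 -> 10.0.0.3:53
04/19-11:46:04.000001  [**] [1:2000003:2] EXAMPLE rule C [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.4:40002 -> 10.0.0.2:443'

# Usage: ./compare.sh capture.pcap  (with no argument only the functions are defined)
if [ $# -ge 1 ]; then
    compare_pcap "$1"
fi
```

Counting alerts per SID rather than raw alert totals matters for this kind of comparison: one noisy rule can inflate an engine's total while the set of rules that actually fired is what tells you whether a ruleset is being evaluated equivalently by both engines.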