[Oisf-users] filesha256/filemd5
erik clark
philosnef at gmail.com
Thu Feb 9 16:58:13 UTC 2017
Thank you! Looks good now.
On Thu, Feb 9, 2017 at 11:01 AM, Peter Manev <petermanev at gmail.com> wrote:
> On Thu, Feb 9, 2017 at 4:50 PM, erik clark <philosnef at gmail.com> wrote:
> > Is it possible to do a filesha256 instead of filemd5? I only see
> > documentation on filemd5, but have sha256 sums. How can I alert on files
> > with sha256 sums? Thanks!
> >
>
>
> The routine is the same -
> alert http any any -> any any (msg:"Black list checksum match and
> extract SHA256"; filesha256:fileextraction-chksum.list; filestore;
> sid:666; rev:1;)
> and then the file - fileextraction-chksum.list in your rules directory
> will contain the sha256 sums
>
> Can you please open a doc issue on our redmine for that.
>
> Thank you
>
>
>
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/
> support/
> > List: https://lists.openinfosecfoundation.org/
> mailman/listinfo/oisf-users
> >
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170209/5812c2d4/attachment-0002.html>
More information about the Oisf-users
mailing list