[Oisf-users] Configure Suricata to inspect HTTP body (Detect Credit Cards in clear)?

Kevin Geil info at friendandfamilytech.com
Sun Jun 25 13:31:18 UTC 2017

Hi, I'm trying to get suricata to detect credit card numbers transmitted in
cleartext, and am having some trouble.  I am using the rules referenced
here: doc.emergingthreats.net/2001375  Through 2001383.  I have tested the
regexes  against my test data, and have confirmed that they match.  I'm
trying to test using dlptest.com (and other similar sites), and can't get
the rules to fire, using either http or FTP.  I have tested Suricata by
using suspicious user agent strings, and have confirmed that it's working.

I haven't found anything in documentation regarding this, but I'm thinking
my suricata instance (the one built in to Alienvault's OSSIM) is somehow
configured to only look at http and ftp headers.  Perhaps that's not my
problem at all.

In any case, if someone could point me in the right direction on how to get
these rules to fire, I'd greatly appreciate it.

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170625/5c675454/attachment.html>

More information about the Oisf-users mailing list