[Oisf-users] concern over et migration

erik clark philosnef at gmail.com
Tue Oct 24 13:34:51 UTC 2017

As Proofpoint moves to suri specific rule enhancements, I have one small
concern. Currently sigs like 2022960 look for chunks of content in a ssl
cert at various depths in the certificate. In the case of ssl breakout, the
cert is malformed, so use of cert hashes isnt possible (cert is rewritten
and has a new hash). Will these existing rules persist in content specific
cert analysis, or will they be replaced with hash rules from places such as
abuse.ch sslbl and the like? Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171024/0948653f/attachment.html>

More information about the Oisf-users mailing list