[Oisf-users] concern over et migration

erik clark philosnef at gmail.com
Tue Oct 24 13:34:51 UTC 2017


As Proofpoint moves to Suri-specific rule enhancements, I have one small
concern. Currently sigs like 2022960 look for chunks of content in an SSL
cert at various depths in the certificate. In the case of SSL breakout, the
cert is malformed, so use of cert hashes isn't possible (the cert is rewritten
and has a new hash). Will these existing rules persist in content-specific
cert analysis, or will they be replaced with hash rules from places such as
abuse.ch sslbl and the like? Thanks!