[Oisf-users] Layer 7 Analysis with Suricata?
Andreas Herz
andi at geekosphere.org
Sat Jan 20 23:09:35 UTC 2018
On 20/01/18 at 19:29, Victor Hooi wrote:
> However, OpenAppID doesn't work with Suricata, right? Does Suricata have
> something similar?
The main issue is that you need a source for such rules/signatures to match
applications. They change a lot. But it's technically possible with
normal rules or even more detailed with the Lua scripts you can use with
Suricata.
At a former workplace I took a look into OpenAppID and many applications
updated too often for it to keep on track. So I would recommend focusing
on signatures to match specific apps.
--
Andreas Herz