On 15/01/18 at 13:49, Victor Hooi wrote:
> However, OpenAppID doesn't work with Suricata, right? Does Suricata have
> something similar?

We don't support openappid. IMHO the main issue with that is the
detection of applications. You "just" need to write detection for them
and always keep this up-to-date.

-- 
Andreas Herz