[Oisf-users] Detecting XSS

C. L. Martinez carlopmart at gmail.com
Fri Jun 1 07:22:39 UTC 2018

Hi all,

 I am doing some XSS tests with Suricata 4.0.4 and 4.1beta1 (both installed
under CentOS 7.5 fully patched) and they are not detected by Suricata.

 For example launching a request like:


 ... no alert is triggerred and I have loaded and activated all ET-open
rules under Suricata.

eve.json only log the server response and not the client request.

 Arrived to this point, What is the best way to manage this type of attack?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180601/d45ff0c6/attachment.html>

More information about the Oisf-users mailing list