[Oisf-users] Suricata SSL decryption

Michał Purzyński michalpurzynski1 at gmail.com
Thu Nov 1 21:09:41 UTC 2018


The way to do it is to decrypt SSL prior to Suricata.


> On Nov 1, 2018, at 1:10 PM, Jordon Carpenter <jordon.carpenter at rooksecurity.com> wrote:
> 
> Thanks for the response!
> 
> Thanks,
> Jordon Carpenter
> Rook Security
> Anticipate, Manage, & Eliminate Threats
> 
> O: 888.712.9531 x734
> E: jordon.carpenter at rooksecurity.com
> 
> This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.
> 
>> On November 1, 2018 at 3:53:23 PM, Cooper F. Nelson (cnelson at ucsd.edu) wrote:
>> 
>> Not currently.
>> 
>> Some vendors are starting to sell switched taps that have this functionality, however.
>> 
>> -Coop
>> 
>> 
>>> On 11/1/2018 12:50 PM, Jordon Carpenter wrote:
>>> Is Suricata able to fully decrypt SSL if it has the appropriate keys?
>>> 
>>> Thanks,
>>> Jordon Carpenter
>>> Rook Security
>>> Anticipate, Manage, & Eliminate Threats
>>> 
>>> O: 888.712.9531 x734
>>> E: jordon.carpenter at rooksecurity.com
>>> 
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> 
>>> Conference: https://suricon.net
>>> Trainings: https://suricata-ids.org/training/
>> 
>> --  
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ITS Security Team
>> cnelson at ucsd.edu x41042