[Oisf-users] Endpoints outside of the US (Albert E. Whale, CEH CHS CISA CISSP)
Jag Mander
jag at thecybersecurityexpert.com
Thu Jan 24 15:48:13 UTC 2019
As Coop explained, cloud computing means your traffic could head to lots of
different countries.
I wondered if the Server Name Indication (SNI) field was present in the
traffic, and does that help identify what the traffic is related to, i.e.
OneDrive, Dropbox etc.
https://suricata.readthedocs.io/en/suricata-4.0.5/rules/tls-keywords.html
I can't tell you how this would work specifically in Suricata because we
use a different method to pull out SNI fields on SSL/TLS traffic.

Regards
Jag