[Oisf-users] Analysis of SSL-decrypted traffic
Federico Foschini
undicizeri at gmail.com
Tue Feb 25 16:53:59 UTC 2020
Hello,
I’ve configured my firewall to mirror SSL-decrypted traffic to a server on
which I’m running Suricata 5.0.
I cannot trigger any alert on this type of traffic, even though with Zeek or
Wireshark I can clearly see that the traffic is HTTP (but on port 443).
In suricata.yaml I’ve added port 443 to the HTTP_PORTS variable:
  port-groups:
    HTTP_PORTS: "[80,81,311,383, 443, ...]"
Is this setting enough?
Is it possible that setting is in conflict with this one in the app-layer?
  tls:
    enabled: yes
    detection-ports:
      dp: 443
--
Federico Foschini.