Psipher Diaz

Results: 12 comments of Psipher Diaz

I see in 1.0.1 there is support for additional lognorm field names (url, hash), presumably to support bluedot. Not sure if Bro intel values are also checked against those field names.

In addition to the scenario @msudol mentioned, we can be certain adversaries worth their salt won't care about TLS validation or version. It's common for script teens (not kiddies anymore?)...

Curious as to whether you're using a released classifier like Weka or writing your own? Also I wanted to mention the excellent nDPI library for Layer 7 stuff, which it seems...

Actually not running Security Onion, but our architecture is similar to their newer ELK-based architecture. Basically we render logs in JSON to avoid having to define TSV fields in...

It seems there was not a missing pipe; instead the classification was not appended to the initial header even though it was defined. cn = ClassTypeLookupById(barnyard2_conf, ntohl(((Unified2EventCommon *)event)->classification_id)); In...

Judging from the response to issue #122, there won't be support for appid either?

Perhaps look at npcapindex from the n2disk project. It creates a bitmap-based index of the pcap, greatly accelerating the extraction process.

> We were discussing this in the team, and we're wondering if this belongs in Suricata at all? It seems these programs can be loaded from outside Suricata as well?...