securityonion FEATURE: GQUIC analyzer

FEATURE: GQUIC analyzer

Open TOoSmOotH opened this issue 2 years ago • 6 comments

Discussed in https://github.com/Security-Onion-Solutions/securityonion/discussions/6916

^{Originally posted by petiepooo January 18, 2022} More and more, we're seeing QUIC traffic. It would be nice to integrate https://github.com/salesforce/GQUIC_Protocol_Analyzer into zeek in SecurityOnion.

Jan 19 '22 17:01 TOoSmOotH

At a quic glance, it looks like https://github.com/salesforce/GQUIC_Protocol_Analyzer is not yet compatible with Zeek 4.0: https://github.com/salesforce/GQUIC_Protocol_Analyzer/pull/12 https://github.com/salesforce/GQUIC_Protocol_Analyzer/pull/14

https://github.com/corelight/zeek-quic may be more current.

Jan 21 '22 12:01 dougburks

Punny! 😂

Jan 21 '22 14:01 petiepooo

securityonion securityonion copied to clipboard

FEATURE: GQUIC analyzer

Discussed in https://github.com/Security-Onion-Solutions/securityonion/discussions/6916

securityonion
securityonion copied to clipboard