StratosphereLinuxIPS

Read quic.log zeek file, detections done on the server_name for http and tls should be detected in the server_name in quic

Open AlyaGomaa opened this issue 1 year ago • 3 comments

AlyaGomaa avatar Jul 30 '24 13:07 AlyaGomaa

Hey @AlyaGomaa is this a new detection module? Also where can I find quic.log zeek file?

patel-lay avatar Aug 13 '24 23:08 patel-lay

Hi @patel-lay. I just created a new branch with a quick.log file. It is being merged into develop soon too. You can use this for your work.

This is not a new detection module, but just needs an adaptation of the current modules to read the SNI from quick.log files, just as it is being read from ssl.log files.

eldraco avatar Aug 16 '24 08:08 eldraco

@patel-lay Sebastian's branch is merged to develop

AlyaGomaa avatar Aug 16 '24 15:08 AlyaGomaa
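
The adaptation discussed in this thread, as an added example that is not Slips code and not written by the participants: one extractor reads `server_name` from either ssl.log or quic.log lines and passes it to a single shared check, so an SNI detection fires regardless of transport. The function names, the blocklist and the sample records are constructed for illustration, and the field names assume Zeek's JSON log output.

```python
import json

# Constructed sample records in Zeek JSON log format (not from a real capture).
SSL_LINE = ('{"ts":1723800000.1,"uid":"CsslA1","id.orig_h":"10.0.0.5",'
            '"id.resp_h":"203.0.113.7","id.resp_p":443,"version":"TLSv13",'
            '"server_name":"bad.example"}')
QUIC_LINE = ('{"ts":1723800001.2,"uid":"CquicB2","id.orig_h":"10.0.0.5",'
             '"id.resp_h":"203.0.113.7","id.resp_p":443,"version":"1",'
             '"server_name":"Bad.Example.","client_protocol":"h3"}')
QUIC_NO_SNI = ('{"ts":1723800002.3,"uid":"CquicC3","id.orig_h":"10.0.0.5",'
               '"id.resp_h":"198.51.100.9","id.resp_p":443,"version":"1"}')

# Hypothetical blocklist standing in for the existing SNI detections.
BLOCKLIST = {"bad.example"}


def extract_sni(line, log_type):
    """Turn one ssl.log or quic.log JSON line into a common SNI event, or None."""
    rec = json.loads(line)
    sni = rec.get("server_name")
    if not sni or sni == "-":  # unset: key omitted in JSON, "-" in TSV logs
        return None
    return {
        "source": log_type,
        "uid": rec.get("uid"),
        "saddr": rec.get("id.orig_h"),
        "daddr": rec.get("id.resp_h"),
        # Normalise case and trailing dot so both log types compare equally.
        "server_name": sni.rstrip(".").lower(),
    }


def check_sni(event):
    """Single detection path shared by TLS and QUIC events."""
    return event is not None and event["server_name"] in BLOCKLIST


def run(lines):
    """lines: iterable of (log_type, raw_line); returns the events that matched."""
    events = (extract_sni(raw, log_type) for log_type, raw in lines)
    return [event for event in events if check_sni(event)]


if __name__ == "__main__":
    sample = [("ssl", SSL_LINE), ("quic", QUIC_LINE), ("quic", QUIC_NO_SNI)]
    for hit in run(sample):
        print(hit["source"], hit["uid"], hit["server_name"])
```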