[Snort-devel] Graph based IDS
florian.klickermann at ...2499...
Fri May 10 04:53:03 EDT 2013
I'm a new user of Snort and I want to develop a graph based IDS module for
it. This graph based module should use the sniffed TCP/IP connections from
Snort to check if the connection is new or not.
Therefore I need a Snort Specification document but I can't find it.
I need the following information for my project:
- Which variable saves the IP address or can I create a rule which sends
all IP connections to a file or a variable?
- Through which API can I include my new module?
- Do I need a new preprocessor for my project?
Thanks in advance!