[Snort-devel] snort3-x509-reputation-plugin released in github

Juliusz Brzostek Juliusz.Brzostek at ...3657...
Mon Jun 6 04:54:12 EDT 2016


CERT Polska has released one of its internal projects - an x509
certificate reputation plugin for Snort++.

The plugin can detect/verify malicious traffic at the application level (SSL
tunnels). It can be used in LAN as well as WAN, depending on expectations.
The flexible configuration allows it to be used in many scenarios:
1. detect/block blacklisted SSL certificates,
2. detect flows with certificates other than whitelisted ones (could be
helpful to establish a very restrictive LAN policy),
3. it is possible to create many different rules depending, e.g., on
the white/black list source of information.

See the project on github:

Juliusz Brzostek
