[Snort-devel] snort3-x509-reputation-plugin released in github
Juliusz.Brzostek at ...3657...
Mon Jun 6 04:54:12 EDT 2016
CERT Polska has been released one of internal projects - x509
certificates reputation plugin for Snort++.
The plugin can detect/verify malicious traffic on application level (SSL
tunnels). Can be used in LAN and WAN as well, depends on expectations.
There is flexible configuration allows to use it in many scenarios, for
1. detect/block balcklisted SSL certificates,
2. detect flows with certificates other then whitelisted (could be
helpful to establish very restrictive LAN policy)
3. there is possible to create many different rules depending e.g. on
white/black list source of information
See the project on github:
More information about the Snort-devel