[Snort-devel] snort3-x509-reputation-plugin released in github

Joel Esler (jesler) jesler at ...3461...
Mon Jun 6 16:12:34 EDT 2016


This is fantastic, thanks Juliusz. I am sure that the dev team will take a look!

--
Joel Esler
Manager, Talos Group




> On Jun 6, 2016, at 4:54 AM, Juliusz Brzostek <Juliusz.Brzostek at ...3657...> wrote:
> 
> Hello,
> 
> CERT Polska has released one of its internal projects - an x509
> certificate reputation plugin for Snort++.
> 
> The plugin can detect/verify malicious traffic at the application level (SSL
> tunnels). It can be used in LAN and WAN as well, depending on expectations.
> The flexible configuration allows it to be used in many scenarios, for
> instance:
> 1. detect/block blacklisted SSL certificates,
> 2. detect flows with certificates other than whitelisted ones (could be
> helpful to establish a very restrictive LAN policy),
> 3. it is possible to create many different rules depending e.g. on
> the white/black list source of information,
> etc.
> 
> See the project on github:
> https://github.com/CERT-Polska/snort3-x509-reputation-plugin
> 
> --
> Regards
> Juliusz Brzostek
> cert.pl
> 