[Snort-devel] [SUSPECTED SPAM] [Snort-users] Snort HTTPS

Joel Esler (jesler) jesler at cisco.com
Tue Mar 12 16:34:06 EDT 2019

> On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <snort-users at lists.snort.org> wrote:
> Can Snort monitor HTTPS sessions, not just the handshake?

It can monitor the handshake, however, not much is useful after that, as it would be encrypted.

> Do you have to pay for rule subscriptions to get this?

No, you'd have to have something decrypting the traffic before it reaches Snort.

Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20190312/560dbbcb/attachment.bin>

More information about the Snort-devel mailing list