[Snort-devel] [SUSPECTED SPAM] [Snort-users] Snort HTTPS

Joel Esler (jesler) jesler at cisco.com
Tue Mar 12 16:34:06 EDT 2019



> On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <snort-users at lists.snort.org> wrote:
> 
> Can Snort monitor HTTPS sessions, not just the handshake?

It can monitor the handshake; however, not much is useful after that, as it would be encrypted.


> Do you have to pay for rule subscriptions to get this?


No, you'd have to have something decrypting the traffic before it reaches Snort.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com