[Snort-devel] [Snort-sigs] [Snort-users] Snort HTTPS

পথিক alrazimotashim at gmail.com
Thu Mar 14 07:00:08 EDT 2019


HIDS can do before encryption and after decryption.

Motashim Al Razi.

On Wed, 13 Mar 2019, 8:19 pm Kai Chan via Snort-sigs, <
snort-sigs at lists.snort.org> wrote:

> Thanks for clarifying.
>
> Thanks,
> Kai
>
>
> On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler at cisco.com>
> wrote:
>
>>
>>
>> > On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <
>> snort-users at lists.snort.org> wrote:
>> >
>> > Can Snort monitor HTTPS sessions, not just the handshake?
>>
>> It can monitor the handshake, however, not much is useful after that, as
>> it would be encrypted.
>>
>>
>> > Do you have to pay for rule subscriptions to get this?
>>
>>
>> No, you'd have to have something decrypting the traffic before it reaches
>> Snort.
>>
>> --
>> Joel Esler
>> Manager, Communities Division
>> Cisco Talos Intelligence Group
>> http://www.talosintelligence.com
>