[Snort-devel] [Snort-sigs] [Snort-users] Snort HTTPS
alrazimotashim at gmail.com
Thu Mar 14 07:00:08 EDT 2019
HIDS can do before encryption and after decryptio.
Motashim Al Razi.
On Wed, 13 Mar 2019, 8:19 pm Kai Chan via Snort-sigs, <
snort-sigs at lists.snort.org> wrote:
> Thanks for clarifying.
> On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler at cisco.com>
>> > On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <
>> snort-users at lists.snort.org> wrote:
>> > Can Snort monitor HTTPS sessions, not just the handshake?
>> It can monitor the handshake, however, not much is useful after that, as
>> it would be encrypted.
>> > Do you have to pay for rule subscriptions to get this?
>> No, you'd have to have something decrypting the traffic before it reaches
>> Joel Esler
>> Manager, Communities Division
>> Cisco Talos Intelligence Group
> Snort-sigs mailing list
> Snort-sigs at lists.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!
> Please follow these rules:
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel