[Snort-openappid] New Detectors

Y M snort at ...46...
Wed May 27 15:13:13 EDT 2015


Hi Edison
You do not have to update the appMapping.data manually. Use the API, and a detector ID will be created automatically on your behalf. The API documentation can be found here: https://www.snort.org/downloads/openappid/1794
The basic idea is that you use the API to generate the AppId for you, and then, depending on what you are attempting to detect (HTTP, TCP, etc.), you use the respective API calls.
Search Snort's blog for openappid; there will be a couple of presentations and videos. These were helpful in my case:
http://blog.snort.org/2015/01/announced-at-rsa-snort-2.html
http://blog.snort.org/2014/10/derbycon-openappid-presentation.html
http://blog.snort.org/2014/06/openappid-training-videos-how-to-create.html
Hope this helps.
YM

Date: Wed, 27 May 2015 15:59:32 -0300
From: efjgrub at ...8...
To: snort-openappid at lists.sourceforge.net
Subject: [Snort-openappid] New Detectors

Hello,
How can I get help to contribute with new detections?
After creating a new detector, how to update the appMapping.data?
Is there a document that I can study?
Thank you
Edison
