[Snort-openappid] OpenAppID rules

Mike Stepanek (mstepane) mstepane at ...5...
Wed Nov 4 09:27:50 EST 2015


Users generally just create their own AppID-based rules.

Note that if you enable AppID, it's running.  You'll see the performance impact.  Actually evaluating against a rule (after AppID determines an app) is only going to be a negligible impact on rules processing performance (that is, you probably won't even notice it).  It'll simply be running AppID that'll have the much bigger impact on performance.

- Mike Stepanek
   mstepane at ...5...

From: Costas Kleopa (ckleopa)
Sent: Wednesday, November 04, 2015 9:22 AM
To: Carlos Rodriguez Hernandez <crodriguezh.ext at ...109...>
Cc: snort-openappid at lists.sourceforge.net
Subject: Re: [Snort-openappid] OpenAppID rules

We do not have any AppID based snort rules available yet.

Thanks,
Costas

On Nov 4, 2015, at 8:56 AM, Carlos Rodriguez Hernandez <crodriguezh.ext at ...39...109...> wrote:
Hello everyone,

I'm working on analyzing the performance of Snort + OpenAppID in our system, but in the latest version of the rules "community-rules.tar.gz" or "snortrules-snapshot-2976.tar.gz" there are no rules using the keyword "appid".
Where can I get OpenAppID rules?

Thank you so much.

--
Carlos Rodríguez Hernández
Fellow Developer
redborder.net<http://redborder.net/> | +34 609477932
