[Snort-openappid] OpenAppID rules (New Call)

Joel Esler (jesler) jesler at ...5...
Sat Nov 7 10:36:01 EST 2015


You are right. This is something that we need to have adopted across the user base before we can do it.

This is probably smarter to target to Snort 3.0, as we have to convert the Ruleset anyway at that time.

--
Joel Esler
Manager, Talos
Sent from my iPhone

On Nov 6, 2015, at 11:25 AM, Carlos Rodriguez Hernandez <crodriguezh.ext at ...55....109...> wrote:

Thanks for your answer, Joel.

Of course OpenAppID adds great functionality to Snort, and the performance penalty is totally acceptable.

I was just thinking that if the detection engine only evaluated some rules depending on the application, this would decrease the number of rules to evaluate and also the number of false positives/negatives, and so additionally improve Snort, coupled with the new functionality to detect applications, which is very interesting and useful for the whole community.

Regards,
Carlos
--
Carlos Rodríguez Hernández
Fellow Developer
redborder.net<http://redborder.net/> | +34 609477932
