[Snort-openappid] OpenAppID custom detector

Y M snort at outlook.com
Mon Apr 23 14:47:35 EDT 2018


I mistakenly stated that the tool exists under the bin folder. That’s wrong. Costas’s comment is the correct one.

YM
________________________________
From: Snort-openappid <snort-openappid-bounces at lists.snort.org> on behalf of Costas Kleopa (ckleopa) via Snort-openappid <snort-openappid at lists.snort.org>
Sent: Monday, April 23, 2018 9:40:12 PM
To: Deivison Xavier; snort-openappid at lists.snort.org
Subject: Re: [Snort-openappid] OpenAppID custom detector

For simple custom detectors, have you looked into using the appid_detector_builder.sh script under the tools/ folder? That should give you a good start.

Thanks
Costas


From: Snort-openappid <snort-openappid-bounces at lists.snort.org> on behalf of Deivison Xavier via Snort-openappid <snort-openappid at lists.snort.org>
Reply-To: Deivison Xavier <deivisonvx at gmail.com>
Date: Monday, April 23, 2018 at 2:37 PM
To: "snort-openappid at lists.snort.org" <snort-openappid at lists.snort.org>
Subject: [Snort-openappid] OpenAppID custom detector

Hello,

I am doing a college work on OpenAppID (Snort 2.9.9.11/Ubuntu16<http://2.9.9.11/Ubuntu16>). I'm having trouble creating a detector for a third-party application. I read OpenDetectorDeveloperGuide3.0n (https://www.snort.org/downloads/openappid/6328), but it was not clear how to customize a detector. Someone with knowledge about the subject?

--
Att,
Deivison Xavier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20180423/a94324fd/attachment-0001.html>


More information about the Snort-openappid mailing list