[Snort-openappid] OpenAppID custom detector

Deivison Xavier deivisonvx at gmail.com
Mon Apr 23 15:46:34 EDT 2018


I forgot to mention: I already used the tool, and I can generate the .lua file.
But in the log processing it only appears as "unknown", the defined name
appears.

2018-04-23 15:39 GMT-03:00 Y M via Snort-openappid <
snort-openappid at lists.snort.org>:

> You can use the “appid_detector_builder.sh” tool that comes with Snort’s
> tarball in the bin directory.
>
> YM
> ------------------------------
> *From:* Snort-openappid <snort-openappid-bounces at lists.snort.org> on
> behalf of Deivison Xavier via Snort-openappid <
> snort-openappid at lists.snort.org>
> *Sent:* Monday, April 23, 2018 9:36:04 PM
> *To:* snort-openappid at lists.snort.org
> *Subject:* [Snort-openappid] OpenAppID custom detector
>
> Hello,
>
> I am doing college work on OpenAppID (Snort 2.9.9.11/Ubuntu16). I'm
> having trouble creating a detector for a third-party application. I read
> OpenDetectorDeveloperGuide3.0n
> (https://www.snort.org/downloads/openappid/6328), but it was not clear
> how to customize a detector. Someone with knowledge about the subject?
>
> --
>
>
> *Att, *
> *Deivison Xavier*
>


-- 


*Att,*
*Deivison Xavier*