[Snort-users] File extraction during http/ftp transaction

Joel Esler (jesler) jesler at ...589...
Wed Mar 11 09:30:30 EDT 2015

On Mar 11, 2015, at 9:23 AM, Rishabh Shah <rishabh420 at ...11827...<mailto:rishabh420 at ...11827...>> wrote:

Hi Snort Team,

Is it possible to extract any file during http/ftp transactions? The HTTP preprocessor makes it possible to read the HTTP URI/content. Does snort have the intelligence to extract the file during any transfer?

Beginning with, Snort has had the ability to extract files from streams and write them to disk.

Check out the README: https://www.snort.org/faq/readme-file

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150311/486d2b92/attachment.html>

More information about the Snort-users mailing list