[Snort-users] snort3-x509-reputation-plugin released in github

Juliusz Brzostek Juliusz.Brzostek at ...17569...
Mon Jun 6 04:47:22 EDT 2016


Hello,

CERT Polska has been released one of internal projects - x509
certificates reputation plugin for Snort++.

The plugin can detect/verify malicious traffic on application level (SSL
tunnels). Can be used in LAN and WAN as well, depends on expectations.
There is flexible configuration allows to use it in many scenarios, for
instance:
1. detect/block balcklisted SSL certificates,
2. detect flows with certificates other then whitelisted (could be
helpful to establish very restrictive LAN policy)
3. there is possible to create many different rules depending e.g. on
white/black list source of information
etc.

See the project on github:
https://github.com/CERT-Polska/snort3-x509-reputation-plugin

-- 
Regards
Juliusz Brzostek
cert.pl




More information about the Snort-users mailing list