[Snort-users] Snort HTTPS

Kai Chan nahc285 at gmail.com
Tue Mar 12 16:37:02 EDT 2019


Thanks for clarifying.

Thanks,
Kai


On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler at cisco.com> wrote:

>
>
> > On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <
> snort-users at lists.snort.org> wrote:
> >
> > Can Snort monitor HTTPS sessions, not just the handshake?
>
> It can monitor the handshake, however, not much is useful after that, as
> it would be encrypted.
>
>
> > Do you have to pay for rule subscriptions to get this?
>
>
> No, you'd have to have something decrypting the traffic before it reaches
> Snort.
>
> --
> Joel Esler
> Manager, Communities Division
> Cisco Talos Intelligence Group
> http://www.talosintelligence.com
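
Added example, not part of the original thread and not Snort code: a Python walk over a TLS byte stream showing what a passive sensor can read without decryption, namely the ClientHello fields such as the server name, versus the application-data records, which are opaque. The host name `example.test`, the function names and the sample bytes are constructed for illustration.

```python
import struct

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def client_hello_sni(body):
    """Return the SNI host name from a ClientHello body, or None."""
    pos = 2 + 32                                       # client_version + random
    pos += 1 + body[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
    pos += 1 + body[pos]                               # compression_methods
    if pos + 2 > len(body):
        return None                                    # no extensions block
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0:                              # server_name extension
            # layout: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack_from("!H", body, pos + 3)[0]
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def summarize(stream):
    """Walk TLS records and report what is readable without keys."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        kind = RECORD_TYPES.get(ctype, "unknown")
        if ctype == 22 and payload[:1] == b"\x01":     # handshake, ClientHello
            out.append((kind, "client_hello sni=%s" % client_hello_sni(payload[4:])))
        else:
            out.append((kind, "%d opaque bytes" % length))
    return out

def sample_stream():
    """Constructed sample: one ClientHello, then one placeholder encrypted record."""
    host = b"example.test"
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    hello = struct.pack("!BHH", 22, 0x0301, len(hs)) + hs
    appdata = struct.pack("!BHH", 23, 0x0303, 24) + bytes(range(24))
    return hello + appdata
```
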