
List:       snort-devel
Subject:    Re: [Snort-devel] snort3 alert_json appid fields
From:       Özkan_KIRIK_via_Snort-devel <snort-devel () lists ! snort ! org>
Date:       2020-08-02 18:42:36
Message-ID: CAAcX-AF7p5Jm-1SLmvMgk3KLJp_pvw=QLCs4iD8fAq8hYNnGvA () mail ! gmail ! com

Thanks Costas,

Is it possible to share the new blog url when it is available?

Regards

On Sun, Aug 2, 2020 at 1:23 AM Costas Kleopa (ckleopa) <ckleopa@cisco.com>
wrote:

> Currently we do this by the IPS rules and the appid rule option.
>
> There are also some upcoming enhancements which we plan to discuss a
> better alternative, on a new blog coming up soon so keep an eye for that
> too.
>
> Thanks,
> Costas
>
> > On Aug 1, 2020, at 10:03 AM, Özkan KIRIK via Snort-devel <snort-devel@lists.snort.org> wrote:
> >
> > Hello,
> >
> > Is it possible to log the detected appId? I couldn't find any related
> > field names for alert_json in manual.
> >
> > Regards
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel@lists.snort.org
> > https://lists.snort.org/mailman/listinfo/snort-devel
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
