[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-devel
Subject: Re: [Snort-devel] snort3 alert_json appid fields
From: Özkan_KIRIK_via_Snort-devel <snort-devel () lists ! snort ! org>
Date: 2020-08-02 18:42:36
Message-ID: CAAcX-AF7p5Jm-1SLmvMgk3KLJp_pvw=QLCs4iD8fAq8hYNnGvA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks Costas,
Is it possible to share the new blog url when it is available?
Regards
On Sun, Aug 2, 2020 at 1:23 AM Costas Kleopa (ckleopa) <ckleopa@cisco.com>
wrote:
> Currently we do this by the IPS rules and the appid rule option.
>
> There are also some upcoming enhancements which we plan to discuss a
> better alternative, on a new blog coming up soon so keep an eye for that
> too.
>
> Thanks,
> Costas
>
> > On Aug 1, 2020, at 10:03 AM, =C3=96zkan KIRIK via Snort-devel <
> snort-devel@lists.snort.org> wrote:
> >
> > =EF=BB=BF
> > Hello,
> >
> > Is it possible to log the detected appId ? I couldn't find any related
> field names for alert_json in manual.
> >
> > Regards
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel@lists.snort.org
> > https://lists.snort.org/mailman/listinfo/snort-devel
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
[Attachment #5 (text/html)]
<div dir="ltr">Thanks Costas,<div><br></div><div>Is it possible to share the new blog \
url when it is available?</div><div><br></div><div>Regards</div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 2, 2020 at 1:23 AM \
Costas Kleopa (ckleopa) <<a \
href="mailto:ckleopa@cisco.com">ckleopa@cisco.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">Currently we do this by the IPS rules and the \
appid rule option. <br> <br>
There are also some upcoming enhancements which we plan to discuss a better \
alternative, on a new blog coming up soon so keep an eye for that too. <br> <br>
Thanks,<br>
Costas<br>
<br>
> On Aug 1, 2020, at 10:03 AM, Özkan KIRIK via Snort-devel <<a \
href="mailto:snort-devel@lists.snort.org" \
target="_blank">snort-devel@lists.snort.org</a>> wrote:<br> > <br>
> <br>
> Hello,<br>
> <br>
> Is it possible to log the detected appId ? I couldn't find any related field \
names for alert_json in manual.<br> > <br>
> Regards<br>
> _______________________________________________<br>
> Snort-devel mailing list<br>
> <a href="mailto:Snort-devel@lists.snort.org" \
target="_blank">Snort-devel@lists.snort.org</a><br> > <a \
href="https://lists.snort.org/mailman/listinfo/snort-devel" rel="noreferrer" \
target="_blank">https://lists.snort.org/mailman/listinfo/snort-devel</a><br> > \
<br> > Please visit <a href="http://blog.snort.org" rel="noreferrer" \
target="_blank">http://blog.snort.org</a> for the latest news about Snort!<br> \
</blockquote></div>
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic