
List:       snort-users
Subject:    Re: [Snort-users] OpenAppID
From:       "Al Lewis (allewi)" <allewi () cisco ! com>
Date:       2015-03-26 1:24:46
Message-ID: 789F50FCB3014340B798E7CD25851FBE05D777BD () xmb-rcd-x10 ! cisco ! com

They should be here https://snort.org/downloads under the openAppID section.


Open Detector Package (ODP)
================================================================================
ODP is a package that contains Cisco provided LUA detectors and some application
meta data. Specifically, it contains the following artifacts:
a. Application detectors in Lua language.

b. Port detectors, which are port only application detectors, in meta-data in YAML
   format.

c. appMapping.data file containing application metadata. This file should not
   be modified.  The first column contains application identifier and last column
   contains application name.  Other columns contain internal information.

d. Lua library files DetectorCommon.lua, flowTrackerModule.lua and
   hostServiceTrackerModule.lua




Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi@cisco.com

From: Michael Brown [mailto:mike.a.brown09@gmail.com]
Sent: Wednesday, March 25, 2015 9:00 PM
To: snort user list
Subject: [Snort-users] OpenAppID

Where can I download the detectors for OpenAppID? I am using this tutorial and it
says about the detectors. http://blog.snort.org/2014/03/openappid-install-video.html.
I can not find them.
---
Thank you,

Michael A. Brown
mike.a.brown09@gmail.com<mailto:mike.a.brown09@gmail.com>
M.S. Forensic Studies: Computer Forensics
B.S. Information Technology: Network Specialist
"The only thing necessary for the triumph of evil is for good men to do nothing"
-Edmund Burke





