Snort mailing list archives

snort3-x509-reputation-plugin released in github


From: Juliusz Brzostek <Juliusz.Brzostek () cert pl>
Date: Mon, 6 Jun 2016 10:54:12 +0200

Hello,

CERT Polska has released one of its internal projects - an x509
certificate reputation plugin for Snort++.

The plugin can detect/verify malicious traffic on the application level (SSL
tunnels). It can be used in LAN and WAN as well, depending on expectations.
The flexible configuration allows it to be used in many scenarios, for
instance:
1. detect/block blacklisted SSL certificates,
2. detect flows with certificates other than whitelisted (could be
helpful to establish a very restrictive LAN policy),
3. it is possible to create many different rules depending e.g. on the
white/black list source of information,
etc.

See the project on github:
https://github.com/CERT-Polska/snort3-x509-reputation-plugin

-- 
Regards
Juliusz Brzostek
cert.pl

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

