Snort mailing list archives
Re: [SUSPECTED SPAM] [Snort-users] Snort HTTPS
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 12 Mar 2019 20:34:06 +0000
On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <snort-users () lists snort org> wrote: Can Snort monitor HTTPS sessions, not just the handshake?
It can monitor the handshake, however, not much is useful after that, as it would be encrypted.
Do you have to pay for rule subscriptions to get this?
No, you'd have to have something decrypting the traffic before it reaches Snort. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com
Attachment:
smime.p7s
Description:
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort HTTPS Kai Chan via Snort-users (Mar 12)
- Re: [SUSPECTED SPAM] [Snort-users] Snort HTTPS Joel Esler (jesler) via Snort-sigs (Mar 12)
- <Possible follow-ups>
- Re: Snort HTTPS Kai Chan via Snort-users (Mar 12)
- Re: [Snort-sigs] [Snort-users] Snort HTTPS পথিক via Snort-devel (Mar 14)