Snort mailing list archives

Re: Separating detection engine


From: "Russ Combs (rucombs) via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 31 Aug 2020 12:21:04 +0000

Muhammad,

Separated from what?  I'm going to guess the answer is no absent more details.  Detection can't happen until after 
decode and preprocessing (inspection).  And after detection comes logging of events.  The other stuff like file 
processing or reputation are optional.  If that doesn't answer your question, you'll need to explain what exactly you 
are trying to do.

Russ

________________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Mûħąɱɱɐɖ Yăşїѓ via Snort-devel <snort-devel () lists snort org>
Sent: Monday, August 31, 2020 3:44 AM
To: snort-devel () lists snort org
Subject: [Snort-devel] Separating detection engine

Hey guys,

I want to know if the detection engine can be separated and be used as a standalone module?
Wherein, the packets are input and rules can be matched on it.

--
Regards,
Muhammad Yasir