Re: snort3 alert_json appid fields

["Costas Kleopa \(ckleopa\) via Snort-devel" <snort-devel () lists snort org>]

Hello again,

The new blog related to this is now posted here<https://twitter.com/snort/status/1316812564022657027?s=20>. It relates 
to our upcoming appid enhancements you may find useful with Snort3.

Thanks
Costas

From: Özkan KIRIK <ozkan.kirik () gmail com>
Date: Sunday, August 2, 2020 at 2:42 PM
To: Costas Kleopa (ckleopa) <ckleopa () cisco com>
Cc: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: Re: [Snort-devel] snort3 alert_json appid fields
Thanks Costas,

Is it possible to share the new blog url when it is available?

Regards

On Sun, Aug 2, 2020 at 1:23 AM Costas Kleopa (ckleopa) <ckleopa () cisco com<mailto:ckleopa () cisco com>> wrote:
Currently we do this by the IPS rules and the appid rule option.

There are also some upcoming enhancements which we plan to discuss a better alternative, on a new blog coming up soon 
so keep an eye for that too.

Thanks,
Costas

> On Aug 1, 2020, at 10:03 AM, Özkan KIRIK via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists 
> snort org>> wrote:
>
> 
> Hello,
>
> Is it possible to log the detected appId ? I couldn't find any related field names for alert_json in manual.
>
> Regards
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists snort org<mailto:Snort-devel () lists snort org>
> https://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!