Snort mailing list archives
Appid question
From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 18 Sep 2016 18:44:41 -0600
Hey all,

This afternoon I found myself mucking around with appid. I love appid. Right now it is only accompanying IDS hits. I was wondering if anyone has put something in place that makes appid almost like a....I want to say netflow, but not quite. I envision an app reading the appid.u2 file and dumping it to Elasticsearch. But instead of having only IDS hits, I'd like to try and have snort simply monitor and appid alert all traffic it sees. Has anyone done anything like this?

Thanks.

James