Snort mailing list archives

Re: [SUSPECTED SPAM] [Snort-users] Snort HTTPS


From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 12 Mar 2019 20:34:06 +0000



On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <snort-users () lists snort org> wrote:

Can Snort monitor HTTPS sessions, not just the handshake?

It can monitor the handshake; however, not much is useful after that, as it would be encrypted.


Do you have to pay for rule subscriptions to get this?


No, you'd have to have something decrypting the traffic before it reaches Snort.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com
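
What a passive sensor can and cannot read from a TLS stream, as an added example (not part of the original message and not Snort code): the parser below walks TLS records, pulls the server name out of a cleartext ClientHello, and can report only type and length for application data. The sample bytes, the hostname example.com and all function names are constructed for illustration.

```python
import struct

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_client_hello(host: bytes) -> bytes:
    """Constructed minimal ClientHello record whose only extension is SNI."""
    name = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
    sni = struct.pack("!H", len(name)) + name                  # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni                # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body     # handshake type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record header: type 22

def sni_from_client_hello(hs: bytes):
    """Return the SNI hostname from a ClientHello handshake message, else None."""
    if len(hs) < 4 or hs[0] != 1:
        return None
    p = 4 + 2 + 32                                   # handshake header, version, random
    p += 1 + hs[p]                                   # session id
    p += 2 + struct.unpack_from("!H", hs, p)[0]      # cipher suites
    p += 1 + hs[p]                                   # compression methods
    end = p + 2 + struct.unpack_from("!H", hs, p)[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, p)
        p += 4
        if etype == 0:                               # list len (2), name type (1), name len (2)
            nlen = struct.unpack_from("!H", hs, p + 3)[0]
            return hs[p + 5 : p + 5 + nlen].decode("ascii", "replace")
        p += elen
    return None

def inspect(stream: bytes):
    """Return (record_type, length, visible_detail) for each TLS record in the stream."""
    out, p = [], 0
    while p + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, p)
        detail = None                                # nothing readable unless cleartext handshake
        if ctype == 22:
            try:
                detail = sni_from_client_hello(stream[p + 5 : p + 5 + length])
            except (struct.error, IndexError):       # truncated or malformed hello
                pass
        out.append((RECORD_TYPES.get(ctype, "unknown"), length, detail))
        p += 5 + length
    return out

# Constructed sample: one ClientHello, then 16 placeholder bytes standing in for ciphertext.
SAMPLE = build_client_hello(b"example.com") + b"\x17\x03\x03\x00\x10" + bytes(range(16))
```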
