Snort mailing list archives
Re: [Snort-sigs] [Snort-users] Snort HTTPS
From: পথিক via Snort-devel <snort-devel () lists snort org>
Date: Thu, 14 Mar 2019 17:00:08 +0600
HIDS can do before encryption and after decryptio. Motashim Al Razi. On Wed, 13 Mar 2019, 8:19 pm Kai Chan via Snort-sigs, < snort-sigs () lists snort org> wrote:
Thanks for clarifying. Thanks, Kai On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler () cisco com> wrote:On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <snort-users () lists snort org> wrote:Can Snort monitor HTTPS sessions, not just the handshake?It can monitor the handshake, however, not much is useful after that, as it would be encrypted.Do you have to pay for rule subscriptions to get this?No, you'd have to have something decrypting the traffic before it reaches Snort. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort HTTPS Kai Chan via Snort-users (Mar 12)
- Re: [SUSPECTED SPAM] [Snort-users] Snort HTTPS Joel Esler (jesler) via Snort-sigs (Mar 12)
- <Possible follow-ups>
- Re: Snort HTTPS Kai Chan via Snort-users (Mar 12)
- Re: [Snort-sigs] [Snort-users] Snort HTTPS পথিক via Snort-devel (Mar 14)