Re: [Snort-sigs] [Snort-users] Snort HTTPS

[পথিক via Snort-devel <snort-devel () lists snort org>]

HIDS can do before encryption and after decryptio.

Motashim Al Razi.

On Wed, 13 Mar 2019, 8:19 pm Kai Chan via Snort-sigs, <
snort-sigs () lists snort org> wrote:

> Thanks for clarifying.
>
> Thanks,
> Kai
>
>
> On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler () cisco com>
> wrote:
>
> > > On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <
> > snort-users () lists snort org> wrote:
> > > Can Snort monitor HTTPS sessions, not just the handshake?
> >
> > It can monitor the handshake, however, not much is useful after that, as
> > it would be encrypted.
> >
> >
> > > Do you have to pay for rule subscriptions to get this?
> >
> >
> > No, you'd have to have something decrypting the traffic before it reaches
> > Snort.
> >
> > --
> > Joel Esler
> > Manager, Communities Division
> > Cisco Talos Intelligence Group
> > http://www.talosintelligence.com
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!