Snort mailing list archives
Re: snort3 alert_json appid fields
From: "Costas Kleopa (ckleopa) via Snort-devel" <snort-devel () lists snort org>
Date: Sat, 1 Aug 2020 22:23:07 +0000
Currently we do this by the IPS rules and the appid rule option. There are also some upcoming enhancements, for which we plan to discuss a better alternative on a new blog coming up soon, so keep an eye out for that too.

Thanks,
Costas
On Aug 1, 2020, at 10:03 AM, Özkan KIRIK via Snort-devel <snort-devel () lists snort org> wrote:

> Hello,
>
> Is it possible to log the detected appId? I couldn't find any related field names for alert_json in manual.
>
> Regards
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!