Re: snort3 alert_json appid fields

[Özkan KIRIK via Snort-devel <snort-devel () lists snort org>]

Thank you Costas.

On Thu, Oct 15, 2020 at 10:10 PM Costas Kleopa (ckleopa) <ckleopa () cisco com>
wrote:

> Hello again,
>
>
>
> The new blog related to this is now posted here
> <https://twitter.com/snort/status/1316812564022657027?s=20>. It relates
> to our upcoming appid enhancements you may find useful with Snort3.
>
>
>
> Thanks
>
> Costas
>
>
>
> *From: *Özkan KIRIK <ozkan.kirik () gmail com>
> *Date: *Sunday, August 2, 2020 at 2:42 PM
> *To: *Costas Kleopa (ckleopa) <ckleopa () cisco com>
> *Cc: *snort-devel () lists snort org <snort-devel () lists snort org>
> *Subject: *Re: [Snort-devel] snort3 alert_json appid fields
>
> Thanks Costas,
>
>
>
> Is it possible to share the new blog url when it is available?
>
>
>
> Regards
>
>
>
> On Sun, Aug 2, 2020 at 1:23 AM Costas Kleopa (ckleopa) <ckleopa () cisco com>
> wrote:
>
> Currently we do this by the IPS rules and the appid rule option.
>
> There are also some upcoming enhancements which we plan to discuss a
> better alternative, on a new blog coming up soon so keep an eye for that
> too.
>
> Thanks,
> Costas
>
> > On Aug 1, 2020, at 10:03 AM, Özkan KIRIK via Snort-devel <
> snort-devel () lists snort org> wrote:
> > 
> > Hello,
> >
> > Is it possible to log the detected appId ? I couldn't find any related
> field names for alert_json in manual.
> > Regards
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel () lists snort org
> > https://lists.snort.org/mailman/listinfo/snort-devel
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!