snort3-x509-reputation-plugin released in github

[Juliusz Brzostek <Juliusz.Brzostek () cert pl>]

Hello,

CERT Polska has been released one of internal projects - x509
certificates reputation plugin for Snort++.

The plugin can detect/verify malicious traffic on application level (SSL
tunnels). Can be used in LAN and WAN as well, depends on expectations.
There is flexible configuration allows to use it in many scenarios, for
instance:
1. detect/block balcklisted SSL certificates,
2. detect flows with certificates other then whitelisted (could be
helpful to establish very restrictive LAN policy)
3. there is possible to create many different rules depending e.g. on
white/black list source of information
etc.

See the project on github:
https://github.com/CERT-Polska/snort3-x509-reputation-plugin

-- 
Regards
Juliusz Brzostek
cert.pl

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!