Sp_Perl for Snort

Saturday Jeff Nathan announced he and Brian Caswell have developed a new plugin for Snort: sp_perl. This detection plugin offers users full regular expression matching within a Snort rule as well as runtime execution of perl code. They briefed their work at CanSecWest 03. At the same conference, Jed Haile gave a short presentation on using Argus to monitor network flows. Russell Fulton has been doing the same thing with Argus for at least four years. Argus was publicly announced almost exactly seven years ago. I learned similar techniques working with the Air Force's ASIM sensor, developed in the mid-1990s.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics