Snort mailing list archives

Re: Snort HTTPS

From: Kai Chan via Snort-users <snort-users () lists snort org>
Date: Tue, 12 Mar 2019 16:37:02 -0400

Thanks for clarifying.

Thanks,
Kai


On Tue, Mar 12, 2019, 4:34 PM Joel Esler (jesler) <jesler () cisco com> wrote:

On Mar 12, 2019, at 4:17 PM, Kai Chan via Snort-users <

snort-users () lists snort org> wrote:


Can Snort monitor HTTPS sessions, not just the handshake?


It can monitor the handshake, however, not much is useful after that, as
it would be encrypted.

Do you have to pay for rule subscriptions to get this?



No, you'd have to have something decrypting the traffic before it reaches
Snort.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort HTTPS Kai Chan via Snort-users (Mar 12)
- Re: [SUSPECTED SPAM] [Snort-users] Snort HTTPS Joel Esler (jesler) via Snort-sigs (Mar 12)
- <Possible follow-ups>
- Re: Snort HTTPS Kai Chan via Snort-users (Mar 12)
  - Re: [Snort-sigs] [Snort-users] Snort HTTPS পথিক via Snort-devel (Mar 14)