Re: [mod-security-users] ModSecurity Sniffer Mode
Brought to you by:
victorhora,
zimmerletw
From: Felipe C. <FC...@tr...> - 2016-01-18 15:23:51
|
Hi Toufik, There is an example on how to implement a libModSecurity connector, it is available here: https://github.com/SpiderLabs/ModSecurity/tree/libmodsecurity/examples/simple_example_using_c The API documentation is embedded in the code itself. As you can check here: https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/transaction.cc#L224-L246 I know that Chaim Sanders was working on a pcap connector. They idea was to process the request available inside a pcap file. I am not sure about the status, maybe Chaim can give us more details. Br., Felipe “Zimmerle” Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: SADDAR Toufik <tou...@gm...<mailto:tou...@gm...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Friday, January 15, 2016 at 1:45 AM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: [mod-security-users] ModSecurity Sniffer Mode Hello I am a student and I have a project of end of study that consiste of putting modsecurity in TAP Mode "out of the line ," please help me find a solution , is that there is a modsecurity API , which can be integrated with a snort or suricata IDS ? Thanks ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |