So I have a solid networking background and understanding of so of the systems involved. I am currently working on a project that uses either Snort or Suricata I haven't decided which yet. but the idea is for this system to be able to capture and display details in clear text for a keyword list. for example, someone googled something that was against policy of the company it would alert that "EMAIL / USERNAME" searched for "KEYWORD" on "127.0.0.1 / GOOGLE.COM" at "DATE / TIME". I can't figure it out as I'm new to both snort and Suricata so I need to learn one, how do I write a rule that will capture usernames, email address, full names, or message keywords such as "KEYWORD"... so maybe a way to parse the packet for data such as "username = BOB" and save that data to an SQL table for that IP address. can anyone help me with this ? its a completely new project for me, I know I will need to strip SSL/TLS and degrade the traffic, I have a understanding of that already... Thanks in advanced
No comments:
Post a Comment