Support #2980
closed
How to set rules on Mail & Print traffic
Added by Maxime Brienne over 5 years ago.
Updated over 5 years ago.
Description
Hello everyone,
As part of getting a standard, I have to restrict the leakage of bank data.
For that I decided to use Suricata; however, with the help of the Snort rules I am not able to capture mail frames holding sensitive information, either in the body of the text or as an attachment.
In addition, I would like to know if it is possible to capture the files that are printed, knowing that my printers are in another network and their traffic therefore passes through my probe.
Thanks for the help of the community; I am available for more information.
Well, the biggest challenge is to write rules to detect this traffic.
As long as you see the complete traffic you can start writing signatures to match the traffic you want to detect.
Andreas Herz wrote:
Well, the biggest challenge is to write rules to detect this traffic.
As long as you see the complete traffic you can start writing signatures to match the traffic you want to detect.
Yes, but I don't find the signature with Wireshark, so I don't know if it's possible to capture the print info.
- Assignee set to Community Ticket
- Target version set to Support
If you don't see it in the traffic, you need to find some other sources for the expected traffic. It's essential to have enough details to later match on specific traffic.
- Status changed from New to Closed