Check https connection

starytomas · July 29, 2020, 7:20am

Does anyone check https connections via Suricata? Please describe your experience here and how you check https connections. Thank you

Andreas_Herz · August 3, 2020, 7:31pm

What would you like to know? Even if it’s encrypted you can still use the metadata, tls informations etc.

starytomas · August 7, 2020, 10:28am

I usually check the url, http host, user agent, number of connections over the threshold. Sometimes I also check the content of the body request.

Topic		Replies	Views
How can I analyze SSL traffic? I have the private key Help	1	733	June 30, 2022
Ssl decryption monitoring Help	0	601	June 28, 2021
Encrypted traffic inspection Help suricata	4	5839	June 17, 2022
Suricata and reverse_https shell Help ips , rules	3	993	December 10, 2021
Detecting https-tunneled ssh traffic Rules pfsense	3	1737	August 5, 2021