SCADA - Quickdraw Snort rules update & Suricata DNP3 Testing


Chris Sistrunk

May 20, 2015, 11:31:16 AM
to securit...@googlegroups.com
I just wanted to let everyone know that DigitalBond published an update to their Quickdraw IDS Snort ruleset for several ICS/SCADA protocols (along with test pcaps).

https://github.com/digitalbond/quickdraw


Also, @inliniac and @jasonish are testing the new DNP3 protocol capabilities in Suricata.

https://github.com/inliniac/suricata/pull/1488
https://gist.github.com/jasonish/feff249bc3ff81256cae

I know that Tim Yardley and team at UIUC are adding more ICS protocols to Bro IDS as well. Stay tuned. I am excited for the added focus into protecting ICS with Security Onion!

Chris

Doug Burks

May 20, 2015, 12:16:12 PM
to securit...@googlegroups.com
Thanks, Chris!

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com