How to set rules on Mail & Print traffic
Hello everyone,
As part of getting a standard I have to restrict the leakage of bank data.
For that I decided to use Suricata; however, with the help of the Snort rules I am not able to capture mail frames holding sensitive information, either in the body of the text or as an attachment.
In addition, I would like to know if it is possible to capture the files that are printed, knowing that my printers are in another network and the traffic therefore passes through my probe.
Thanks for the help of the community. I am available for more information.
Updated by Maxime Brienne over 4 years ago
Andreas Herz wrote:
Well the biggest challenge is to write rules to detect this traffic.
As long as you see the complete traffic you can start writing signatures to match the traffic you want to detect.
Yes, but I don't find the signature with Wireshark, so I don't know if it's possible to capture the print info.