Feature #1879

eve: optionally add 'flow' record to alerts

Added by Victor Julien over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Add a flow record to alerts. I'm mostly thinking about the flow's startts, as this would help FPC retrieval. It may also be interesting for an analyst to know whether the flow is small or big with respect to the number of packets and bytes.

Flow records will be incomplete, as they are not yet considered done if a packet is still referring to them.
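As an added illustration of how a retrieval tool would use the record described above (this is example code written for this page, not code from Suricata, Evebox or Dumpy): it reads constructed EVE alert lines, anchors the full-packet-capture window on the flow's start timestamp when a flow object is present and falls back to the alert timestamp when it is not, builds a BPF filter from the alert's 5-tuple, and reports the packet/byte counts as a snapshot, since the flow is not finished when the alert is written. The field names used for the flow object (`start`, `pkts_toserver`, `pkts_toclient`, `bytes_toserver`, `bytes_toclient`) are my assumption about the EVE layout; the issue text only says start timestamp and packet/byte counts.

```python
import json
from datetime import datetime, timedelta

# Constructed sample EVE alert lines (not captured from any real sensor).
# The first carries the optional "flow" object this issue asks for; the
# second shows an alert without it, as alerts looked before the change.
EVE_LINES = [
    '{"timestamp":"2017-06-01T10:15:42.512345+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":2100498,"signature":"constructed sig"},'
    '"flow":{"pkts_toserver":12,"pkts_toclient":9,"bytes_toserver":1480,'
    '"bytes_toclient":6201,"start":"2017-06-01T10:15:40.001000+0000"}}',
    '{"timestamp":"2017-06-01T10:16:03.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.1","dest_port":53,'
    '"proto":"UDP","alert":{"signature_id":1,"signature":"constructed sig"}}',
]

# EVE timestamps: ISO-8601 with microseconds and a colon-less UTC offset.
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Assumed flow field names (not stated in the issue text).
COUNT_KEYS = ("pkts_toserver", "pkts_toclient", "bytes_toserver", "bytes_toclient")


def parse_ts(s):
    return datetime.strptime(s, TS_FMT)


def bpf_filter(ev):
    """BPF expression selecting both directions of the alert's 5-tuple.
    'port A and port B' requires both ports on the packet, whichever side
    each is on, so it matches client->server and server->client."""
    return ("{proto} and host {src} and host {dst} and port {sp} and port {dp}"
            .format(proto=ev["proto"].lower(), src=ev["src_ip"], dst=ev["dest_ip"],
                    sp=ev["src_port"], dp=ev["dest_port"]))


def fpc_request(ev, slack=timedelta(seconds=1)):
    """Build a full-packet-capture retrieval request for one alert.

    With a flow record the window can open at the flow's start, so the
    packets leading up to the alert are included. Without it the alert
    timestamp is the only time available. The window end is a lower bound
    either way: the flow may still be alive when the alert is written, which
    is also why the packet/byte counts are a snapshot, not final totals.
    """
    alert_ts = parse_ts(ev["timestamp"])
    flow = ev.get("flow") or {}
    has_start = "start" in flow
    start = parse_ts(flow["start"]) if has_start else alert_ts

    counts = None
    if all(k in flow for k in COUNT_KEYS):
        counts = {
            "pkts": flow["pkts_toserver"] + flow["pkts_toclient"],
            "bytes": flow["bytes_toserver"] + flow["bytes_toclient"],
            "partial": True,  # flow was not finished when the alert was emitted
        }

    return {
        "sid": ev["alert"]["signature_id"],
        "window_start": start - slack,
        "window_end": alert_ts + slack,  # minimum; the flow may run past the alert
        "anchored_on_flow_start": has_start,
        "filter": bpf_filter(ev),
        "counts": counts,
    }


def fpc_requests(lines):
    """Parse EVE JSON lines and produce one request per alert event."""
    out = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            out.append(fpc_request(ev))
    return out


if __name__ == "__main__":
    for req in fpc_requests(EVE_LINES):
        print(req["sid"], req["window_start"], req["window_end"],
              req["filter"], req["counts"])
```

The slack of one second on each side is a deliberate choice for the example: capture stores typically index by coarse time buckets, and opening the window slightly before the flow's first packet avoids losing the SYN to clock skew between sensor and capture box.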

Actions #1

Updated by Victor Julien over 7 years ago

Jason, I assigned it to you, as I mostly had Evebox and Dumpy in mind here :) https://github.com/jasonish/dumpy/issues/1

Actions #2

Updated by Jason Ish over 6 years ago

  • Status changed from Assigned to Closed
  • Assignee changed from Jason Ish to Eric Leblond
  • Target version changed from 70 to 4.0.0

Was done by Eric Leblond in commit da9005c404f281badd3bb4ccee675560fae2d359. I believe this was first released in 4.0.0.rc1.

Actions #3

Updated by Victor Julien over 6 years ago

  • Target version changed from 4.0.0 to 4.0rc1