Feature #1879: eve: optionally add 'flow' record to alerts - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1879

closed

eve: optionally add 'flow' record to alerts

Added by Victor Julien over 7 years ago. Updated almost 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

4.0rc1

Effort:

Difficulty:

Label:

Description

Add flow record to alerts. Mostly thinking about flow's startts as this would help FPC retrieval. It may also be interesting for an analyst to know if the flow is small or big wrt number of packets and bytes.

Flow records will be incomplete, as they are not yet considered done if a packet is still referring to them.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #1879

eve: optionally add 'flow' record to alerts

Updated by Victor Julien over 7 years ago

Updated by Jason Ish almost 7 years ago

Updated by Victor Julien almost 7 years ago