Feature #1879: eve: optionally add 'flow' record to alerts - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1879

closed

VJ EL

eve: optionally add 'flow' record to alerts

Feature #1879: eve: optionally add 'flow' record to alerts

Added by Victor Julien over 9 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

4.0rc1

Effort:

Difficulty:

Label:

Description

Add flow record to alerts. Mostly thinking about flow's startts as this would help FPC retrieval. It may also be interesting for an analyst to know if the flow is small or big wrt number of packets and bytes.

Flow records will be incomplete, as they are not yet considered done if a packet is still referring to them.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #1879

eve: optionally add 'flow' record to alerts

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#1

JI Updated by Jason Ish almost 9 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 9 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Feature #1879

eve: optionally add 'flow' record to alerts

VJ Updated by Victor Julien over 9 years ago ActionsCopy link #1

JI Updated by Jason Ish almost 9 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 9 years ago ActionsCopy link #3

VJ Updated by Victor Julien over 9 years ago Actions
Copy link
#1

JI Updated by Jason Ish almost 9 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 9 years ago Actions
Copy link
#3