Feature #2020

eve: add body of signature to eve.json alert

Added by erik clark over 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Assignee: -
Description

This is a request to add the body of a signature to the eve.json alert when it fires. When an analyst examines an alert, having the payload is excellent, but without the context of the raw rule (which is of varying use depending on the analyst's skill), work is sometimes put into what would clearly have been a false positive had the rule text been present in the alert.

This was submitted after discussion with Jason Ish.
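As an added illustration of the join an analyst otherwise has to do by hand (this is example code, not from the ticket or from Suricata), the script below indexes a rules file by sid and attaches the matching rule body to each eve.json alert line; the rules, sids, addresses and field name `rule_body` are all constructed for the example.

```python
import json
import re

# Constructed sample rules file (not from the ticket). It includes a comment line
# and a disabled (commented-out) rule so the indexer has something to skip.
RULES_TEXT = """\
# constructed test rules
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE beacon user-agent"; flow:established,to_server; http.user_agent; content:"Example-Agent"; sid:9000001; rev:2;)
#alert tcp any any -> any 22 (msg:"EXAMPLE disabled rule"; sid:9000002; rev:1;)
alert dns any any -> any any (msg:"EXAMPLE suspicious TLD"; dns.query; content:".example"; nocase; sid:9000003; rev:1;)
"""

# Constructed eve.json lines, trimmed to the fields this example uses.
EVE_LINES = [
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9",
                "alert": {"signature_id": 9000001, "rev": 2, "signature": "EXAMPLE beacon user-agent"}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9"}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.7", "dest_ip": "198.51.100.2",
                "alert": {"signature_id": 9000099, "rev": 1, "signature": "EXAMPLE rule not in ruleset"}}),
]

# The sid option is the only stable key shared by the rule text and the alert event.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def index_rules(text):
    """Map sid -> full rule line, skipping comments and disabled rules."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:
            index[int(m.group(1))] = line
    return index

def enrich_alerts(eve_lines, rule_index):
    """Attach the raw rule body to each alert event as alert.rule_body (a constructed
    field name). Non-alert events pass through untouched; an alert whose sid is not in
    the loaded ruleset gets an explicit marker instead of raising."""
    out = []
    for raw in eve_lines:
        ev = json.loads(raw)
        if ev.get("event_type") == "alert":
            sid = ev["alert"].get("signature_id")
            ev["alert"]["rule_body"] = rule_index.get(sid, "<rule not found in loaded ruleset>")
        out.append(ev)
    return out

if __name__ == "__main__":
    for ev in enrich_alerts(EVE_LINES, index_rules(RULES_TEXT)):
        print(json.dumps(ev))
```

The unknown-sid marker is deliberate: a rule missing from the ruleset loaded for enrichment usually means the ruleset on the analyst's side is out of step with what the sensor is running, which is itself worth noticing during triage.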
