Feature #2020: eve: add body of signature to eve.json alert - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2020

closed

eve: add body of signature to eve.json alert

Added by erik clark about 7 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

4.1beta1

Effort:

Difficulty:

Label:

Description

This is a request to add the body of a signature to the eve.json alert when it is fired. When an analyst examines an alert, having the payload is excellent, but without the context of the raw rule (which is of varying use depending on the analysts skill), sometimes work is put in on what would clearly be a false positive with the context of the rule in the alert.

This was submitted after discussion with Jason Ish.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2020

eve: add body of signature to eve.json alert

Updated by Victor Julien about 7 years ago

Updated by Andreas Herz almost 7 years ago

Updated by Martin Natano over 6 years ago

Updated by Martin Natano over 6 years ago

Updated by Martin Natano over 6 years ago

Updated by Jason Ish about 6 years ago