Feature #2095

closed

eve: http body in alert event

Added by Giuseppe Longo almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

If a signature triggers an alert, currently there is no readable information about the content.
It would be interesting to output the http body in base64 and printable format in the alert event.

Actions #1

Updated by Jason Ish almost 7 years ago

Please see https://redmine.openinfosecfoundation.org/issues/2069.

So right now I'm thinking a list of buffers (in addition to the payload, packet) that can be optionally logged with all the buffers that matched. Needs to be generic though, not specific to http.

I'm hoping to mock some events up sooner than later for a format that is friendly to data stores.

Actions #2

Updated by Victor Julien almost 7 years ago

  • Subject changed from Add http body in alert event to eve: http body in alert event
  • Status changed from New to Assigned
  • Target version set to 70

Actions #3

Updated by Victor Julien almost 7 years ago

  • Tracker changed from Bug to Feature

Actions #4

Updated by Victor Julien over 6 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0rc1