Feature #2095: eve: http body in alert event

Added by Giuseppe Longo about 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

If a signature triggers an alert, currently there is no readable information about the content.
It would be interesting to output the http body in base64 and printable format in the alert event.

Updated by Jason Ish about 9 years ago #1

Please see https://redmine.openinfosecfoundation.org/issues/2069.

So right now I'm thinking a list of buffers (in addition to the payload, packet) that can be optionally logged with all the buffers that matched. Needs to be generic though, not specific to http.

I'm hoping to mock some events up sooner than later for a format that is friendly to data stores.

Updated by Victor Julien almost 9 years ago #2

  • Subject changed from Add http body in alert event to eve: http body in alert event
  • Status changed from New to Assigned
  • Target version set to 70

Updated by Victor Julien almost 9 years ago #3

  • Tracker changed from Bug to Feature

Updated by Victor Julien almost 9 years ago #4

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0rc1