Project

General

Profile

Actions
Copy link

Optimization #2530

closed

Print matching rule SID in filestore meta file

Added by Konstantin Klinger almost 6 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Konstantin Klinger
Target version:
5.0beta1
Effort:
low
Difficulty:
low
Label:

Description

If a file gets stored because of a matching rule with the "filestore;" keyword, it would be helpful to print the SID of the matching rule in the "file.meta"-file. If you have an automated analysis of the extracted / stored files you often use "noalert;"-rules to only store the files and don't generate an alert additionally to it. But sometimes it could be useful to make the conclusion SID -> file afterwards.

Actions
Copy link
 #1

Updated by Victor Julien over 5 years ago

  • Assignee set to Anonymous
Actions
Copy link
 #2

Updated by Peter Manev over 5 years ago

  • Assignee changed from Anonymous to Konstantin Klinger
Actions
Copy link
 #3

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
  • Target version changed from TBD to 5.0beta1
Actions
Copy link

Also available in: Atom PDF