Optimization #2530: Print matching rule SID in filestore meta file - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #2530

closed

Print matching rule SID in filestore meta file

Added by Konstantin Klinger almost 6 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Konstantin Klinger

Target version:

5.0beta1

Effort:

low

Difficulty:

low

Label:

Description

If a file gets stored because of a matching rule with the "filestore;" keyword, it would be helpful to print the SID of the matching rule in the "file.meta"-file. If you have an automated analysis of the extracted / stored files you often use "noalert;"-rules to only store the files and don't generate an alert additionally to it. But sometimes it could be useful to make the conclusion SID -> file afterwards.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Optimization #2530

Print matching rule SID in filestore meta file

Updated by Victor Julien over 5 years ago

Updated by Peter Manev over 5 years ago

Updated by Victor Julien about 5 years ago