Documentation #2620

open

Documentation: tagged_packets / event_type packet

Added by Jack Mott about 4 years ago. Updated 1 day ago.

Status: New
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Improve logging documentation around tagged_packets and the EVE JSON field "event_type packet".


Related issues (1 open, 0 closed)

Related to Documentation #2699: document all eve record types and fields (Assigned to Sascha Steinbiss)
#1

Updated by Andreas Herz about 4 years ago

  • Target version set to Documentation

We need to add it to the keywords section as well as to the EVE (JSON Format) section.

Suggested example rule:


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected"; flow:established,to_server; content:"|01 9a 8c 66 af c0 4a 11 9e 3f 40 88 12 2c 3a 4a 84 65 38 b0 b4 08 0b af db ce 02 94 34 5f 22|"; rawbytes; tag:session,20,packets; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2001743; classtype:trojan-activity; sid:2001743; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
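
The tag:session,20,packets clause in the rule above makes Suricata log the next 20 packets of the matching session as event_type "packet" records (the tagged-packets eve-log output type has to be enabled in suricata.yaml for them to appear). As an added example, not code from the Suricata project or from this ticket, the script below reads an eve.json, pairs those packet records with the alert that tagged them via flow_id, and writes each flow's packets out as a pcap. The field names "packet" (base64 of the raw packet) and "packet_info": {"linktype": ...} are assumed from Suricata's tagged-packets logger; the EVE records in SAMPLE_EVE are constructed for the example and are not real Suricata output.

```python
"""Pull tagged packets (event_type "packet") out of Suricata EVE JSON and write
them to a pcap per flow, next to the alert that tagged them.

Added example, not Suricata project code. Assumes the tagged-packets EVE logger's
field names: "packet" (base64 raw packet) and "packet_info": {"linktype": <DLT>}.
SAMPLE_EVE below is constructed for this example, not real Suricata output.
"""
import base64
import json
import socket
import struct
from collections import defaultdict
from datetime import datetime


def _frame(src, dst, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame for the constructed sample (checksums left zero)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 0xFFFF, 0, 0)
    return eth + ip + tcp + payload


def _b64(data):
    return base64.b64encode(data).decode("ascii")


FLOW = 1871658263123456   # flow_id shared by the alert and its tagged packets
OTHER = 9924111111111111  # a flow whose alert is not in this log excerpt

# Constructed EVE records: the HackerDefender alert (sid 2001743), two packets its
# tag clause would emit, a tagged packet from another flow, a flow record and junk.
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2018-09-14T10:00:00.000001+0000", "flow_id": FLOW,
                "event_type": "alert", "src_ip": "203.0.113.5", "src_port": 41234,
                "dest_ip": "192.0.2.10", "dest_port": 3128, "proto": "TCP",
                "alert": {"action": "allowed", "gid": 1, "signature_id": 2001743, "rev": 8,
                          "signature": "ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected"}}),
    json.dumps({"timestamp": "2018-09-14T10:00:00.000250+0000", "flow_id": FLOW,
                "event_type": "packet", "src_ip": "192.0.2.10", "dest_ip": "203.0.113.5",
                "packet": _b64(_frame("192.0.2.10", "203.0.113.5", 3128, 41234, b"OK")),
                "packet_info": {"linktype": 1}}),
    json.dumps({"timestamp": "2018-09-14T10:00:00.000900+0000", "flow_id": FLOW,
                "event_type": "packet", "src_ip": "203.0.113.5", "dest_ip": "192.0.2.10",
                "packet": _b64(_frame("203.0.113.5", "192.0.2.10", 41234, 3128, b"\x01\x9a\x8c\x66")),
                "packet_info": {"linktype": 1}}),
    json.dumps({"timestamp": "2018-09-14T10:00:01.000000+0000", "flow_id": OTHER,
                "event_type": "packet", "src_ip": "198.51.100.7", "dest_ip": "192.0.2.10",
                "packet": _b64(_frame("198.51.100.7", "192.0.2.10", 5555, 80, b"GET")),
                "packet_info": {"linktype": 1}}),
    json.dumps({"timestamp": "2018-09-14T10:00:02.000000+0000", "flow_id": FLOW,
                "event_type": "flow", "proto": "TCP"}),
    "{not json",
])


def _epoch_parts(ts):
    """EVE timestamps look like 2018-09-14T10:00:00.000250+0000; return (sec, usec)."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.replace(microsecond=0).timestamp()), dt.microsecond


def collect(lines):
    """Return (alerts, packets): alerts keyed by flow_id, packets keyed by flow_id as
    lists of (sec, usec, linktype, raw_bytes). Malformed lines are skipped."""
    alerts, packets = {}, defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        kind = ev.get("event_type")
        if kind == "alert":
            alerts[ev["flow_id"]] = ev["alert"]
        elif kind == "packet":
            sec, usec = _epoch_parts(ev["timestamp"])
            packets[ev["flow_id"]].append(
                (sec, usec, ev["packet_info"]["linktype"], base64.b64decode(ev["packet"])))
    return alerts, dict(packets)


def to_pcap(records):
    """Serialise (sec, usec, linktype, raw) records as a classic libpcap file.
    A pcap carries one DLT in its header, so mixed link types are refused."""
    linktypes = {r[2] for r in records}
    if len(linktypes) != 1:
        raise ValueError("mixed link types %r; split into separate files" % sorted(linktypes))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktypes.pop())
    for sec, usec, _, raw in records:
        out += struct.pack("<IIII", sec, usec, len(raw), len(raw)) + raw
    return out


def summarize(eve_text):
    """Per flow: the signature that tagged it (if its alert is in the log),
    packet count, captured bytes and the size of the resulting pcap."""
    alerts, packets = collect(eve_text.splitlines())
    report = {}
    for flow_id, recs in packets.items():
        report[flow_id] = {"signature_id": alerts.get(flow_id, {}).get("signature_id"),
                           "packets": len(recs),
                           "bytes": sum(len(r[3]) for r in recs),
                           "pcap_len": len(to_pcap(recs))}
    return report


if __name__ == "__main__":
    alerts, packets = collect(SAMPLE_EVE.splitlines())
    for flow_id, recs in packets.items():
        with open("flow_%d.pcap" % flow_id, "wb") as fh:
            fh.write(to_pcap(recs))
    for flow_id, info in summarize(SAMPLE_EVE).items():
        print(flow_id, info)
```

The packet records carry no reference to the signature that tagged them, so the only join key is flow_id; if the alert scrolled out of the log excerpt being processed (the OTHER flow above) the packets are still recoverable but cannot be attributed to a rule.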

#2

Updated by Victor Julien about 4 years ago

#3

Updated by Victor Julien over 3 years ago

  • Assignee set to Community Ticket
#4

Updated by Victor Julien over 3 years ago

  • Target version changed from Documentation to TBD
#5

Updated by Andreas Herz about 3 years ago

  • Tracker changed from Optimization to Documentation
#6

Updated by Juliana Fajardini Reichow 4 months ago

  • Assignee changed from Community Ticket to Juliana Fajardini Reichow
#7

Updated by Juliana Fajardini Reichow 1 day ago

  • Target version changed from TBD to 8.0beta1