Project

General

Profile

Actions
Copy link

Documentation #2620

open
JM OD

userguide: document tagged_packets / event_type packet

Documentation #2620: userguide: document tagged_packets / event_type packet

Added by Jack Mott over 7 years ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Improve logging documentation around tagged_packets and eve json field "event_type packet".

Related issues 1 (0 open1 closed)

Related to Suricata - Documentation #2699: document all eve record types and fieldsClosedSascha SteinbissActions

AH Updated by Andreas Herz over 7 years ago Actions
Copy link
 #1

  • Target version set to Documentation

We need to add it to the keywords section as well to the EVE (JSON Format) section.

Suggested example rule:


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender? Root Kit Remote Connection Attempt Detected"; flow: established,to_server; content:"|01 9a 8c 66 af c0 4a 11 9e 3f 40 88 12 2c 3a 4a 84 65 38 b0 b4 08 0b af db ce 02 94 34 5f 22|"; rawbytes; tag: session, 20, packets; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2001743; classtype:trojan-activity; sid:2001743; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #2

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #3

  • Assignee set to Community Ticket

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #4

  • Target version changed from Documentation to TBD

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #5

  • Tracker changed from Optimization to Documentation

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #6

  • Assignee changed from Community Ticket to Juliana Fajardini Reichow

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #7

  • Target version changed from TBD to 8.0.0-beta1

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #8

  • Assignee changed from Juliana Fajardini Reichow to OISF Dev

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #9

  • Subject changed from Documentation: tagged_packets / event_type packet to userguide: document tagged_packets / event_type packet
  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #10

  • Target version changed from 8.0.0-rc1 to 8.0.0

PA Updated by Philippe Antoine 9 months ago Actions
Copy link
 #11

  • Target version changed from 8.0.0 to 8.0.1

JI Updated by Jason Ish 7 months ago Actions
Copy link
 #12

  • Target version changed from 8.0.1 to 8.0.2

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #13

  • Target version changed from 8.0.2 to 9.0.0-beta1
Actions
Copy link

Also available in: PDF Atom