Actions
Documentation #2620
openDocumentation: tagged_packets / event_type packet
Affected Versions:
Effort:
Difficulty:
Label:
Description
Improve logging documentation around tagged_packets and eve json field "event_type packet".
Updated by Andreas Herz over 5 years ago
- Target version set to Documentation
We need to add it to the keywords section as well to the EVE (JSON Format) section.
Suggested example rule:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender? Root Kit Remote Connection Attempt Detected"; flow: established,to_server; content:"|01 9a 8c 66 af c0 4a 11 9e 3f 40 88 12 2c 3a 4a 84 65 38 b0 b4 08 0b af db ce 02 94 34 5f 22|"; rawbytes; tag: session, 20, packets; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2001743; classtype:trojan-activity; sid:2001743; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Updated by Victor Julien over 5 years ago
- Related to Documentation #2699: document all eve record types and fields added
Updated by Victor Julien about 5 years ago
- Target version changed from Documentation to TBD
Updated by Andreas Herz over 4 years ago
- Tracker changed from Optimization to Documentation
Updated by Juliana Fajardini Reichow over 1 year ago
- Assignee changed from Community Ticket to Juliana Fajardini Reichow
Updated by Juliana Fajardini Reichow over 1 year ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 3 months ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions