Project

General

Profile

Actions
Copy link

Bug #3087

closed

Prelude output IDMEF message issue

Added by Andrew Goldy almost 5 years ago. Updated 5 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Affected Versions:
4.1.2
Effort:
low
Difficulty:
low
Label:

Description

Hello,

The Prelude Siem output (IDMEF) of Suricata might be confused from version 4.1.2. The alert.classification.text field which should contain the signature name (for example ET Policy...) swapped with alert.assessment.impact.description(classification for example Corporate policy violation). In other words after version 4.1.2 we see the classification instead of the signature name and in the description we could see the signature name where was previously the classification.
Could you please check it?

Thank you!

Files

Download all files
prelude.PNG (3.05 KB) prelude.PNG Andrew Goldy, 08/08/2019 02:41 PM
prelude1.PNG (3.29 KB) prelude1.PNG Andrew Goldy, 08/08/2019 02:44 PM
Actions
Copy link
 #1

Updated by Victor Julien almost 5 years ago

  • Assignee set to Community Ticket
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien over 4 years ago

I've pinged Thomas who has been maintaining this code recently.

Actions
Copy link Download all files
 #3

Updated by Andrew Goldy over 4 years ago

To visualize the problem:

As the the prewikka console shows the text message is swapped with description.

Actions
Copy link
 #4

Updated by Philippe Antoine 5 months ago

  • Status changed from New to Rejected

Prelude was deprecated by commit 54be743c48d0a9f64be75bd3de15384024e7fa0e

Actions
Copy link

Also available in: Atom PDF