Project

General

Profile

Actions
Copy link

Bug #3087

open

Prelude output IDMEF message issue

Added by Andrew Goldy about 4 years ago. Updated about 4 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Affected Versions:
4.1.2
Effort:
low
Difficulty:
low
Label:

Description

Hello,

The Prelude Siem output (IDMEF) of Suricata might be confused from version 4.1.2. The alert.classification.text field which should contain the signature name (for example ET Policy...) swapped with alert.assessment.impact.description(classification for example Corporate policy violation). In other words after version 4.1.2 we see the classification instead of the signature name and in the description we could see the signature name where was previously the classification.
Could you please check it?

Thank you!

Files

Download all files
prelude.PNG (3.05 KB) prelude.PNG Andrew Goldy, 08/08/2019 02:41 PM
prelude1.PNG (3.29 KB) prelude1.PNG Andrew Goldy, 08/08/2019 02:44 PM
Actions
Copy link
 #1

Updated by Victor Julien about 4 years ago

  • Assignee set to Community Ticket
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien about 4 years ago

I've pinged Thomas who has been maintaining this code recently.

Actions
Copy link Download all files
 #3

Updated by Andrew Goldy about 4 years ago

To visualize the problem:

As the the prewikka console shows the text message is swapped with description.

Actions
Copy link

Also available in: Atom PDF