Bug #3087: Prelude output IDMEF message issue - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3087

closed

Prelude output IDMEF message issue

Added by Andrew Goldy almost 5 years ago. Updated 5 months ago.

Status:

Rejected

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Affected Versions:

4.1.2

Effort:

low

Difficulty:

low

Label:

Description

Hello,

The Prelude Siem output (IDMEF) of Suricata might be confused from version 4.1.2. The alert.classification.text field which should contain the signature name (for example ET Policy...) swapped with alert.assessment.impact.description(classification for example Corporate policy violation). In other words after version 4.1.2 we see the classification instead of the signature name and in the description we could see the signature name where was previously the classification.
Could you please check it?

Thank you!

Files

Download all files

prelude.PNG (3.05 KB) prelude.PNG		Andrew Goldy, 08/08/2019 02:41 PM
prelude1.PNG (3.29 KB) prelude1.PNG		Andrew Goldy, 08/08/2019 02:44 PM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3087

Prelude output IDMEF message issue

Updated by Victor Julien almost 5 years ago

Updated by Victor Julien over 4 years ago

Updated by Andrew Goldy over 4 years ago

Updated by Philippe Antoine 5 months ago