Project

General

Profile

Actions

Feature #4179

open

tunnel-Node for flow, netflow and dns-events in eve.json

Added by marco sen almost 4 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:
Needs Suricata-Verify test

Description

For suricata alert-events in eve.json there is a tunnel-node, that contains the outer ip-addresses. It would be great to get this node for flow-, netflow- and dns-events as well. This would make it possible to clearly identify the flow and compare/merge it with results of other tools.

Actions

Also available in: Atom PDF