Feature #4333

open

Include the ‘short name’ from classification.config in the all-eve.log

Added by Scott Wells almost 4 years ago. Updated 5 months ago.

Status: New
Priority: Normal

Description

I'd like a way to have Suricata include the ‘short name’ of a classtype (from classification.config) in the all-eve.log.

Suricata currently includes the classification description but not the ‘short name’.

For example:

config classification: successful-admin,Successful Administrator Privilege Gain,1

I’d like to include successful-admin.

This was asked initially in the forums (https://forum.suricata.io/t/include-the-short-name-from-classification-config-in-the-all-eve-log/350), and then it was suggested by a Suricata Team Member to open a feature ticket.

Thanks.
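A log-side workaround for the gap this ticket describes, as an added example that is not part of the original report and not Suricata's own code: parse classification.config and map the description that EVE alert records carry in `alert.category` back to the short name. The output key `classtype` is a hypothetical name chosen here, and the config and EVE lines are constructed samples.

```python
import json
import re

# Matches "config classification: <short name>,<description>,<priority>"
_CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),(.+),\s*(\d+)\s*$")

def load_classifications(text):
    """Map classification description -> (short name, priority)."""
    table = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = _CLASS_RE.match(line)
        if m:
            table[m.group(2).strip()] = (m.group(1).strip(), int(m.group(3)))
    return table

def enrich(eve_line, table):
    """Return the parsed EVE record, adding alert.classtype when the category is known."""
    try:
        event = json.loads(eve_line)
    except json.JSONDecodeError:
        return None  # truncated or non-JSON line
    alert = event.get("alert")
    if event.get("event_type") == "alert" and isinstance(alert, dict):
        hit = table.get(alert.get("category"))
        if hit:
            alert["classtype"] = hit[0]  # hypothetical key, not emitted by Suricata
    return event

# Constructed sample input
SAMPLE_CONFIG = """\
# config classification:shortname,short description,priority
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: example-class,Example Constructed Class,3
"""
SAMPLE_EVE = [
    '{"event_type":"alert","alert":{"signature_id":1000001,'
    '"category":"Successful Administrator Privilege Gain","severity":1}}',
    '{"event_type":"alert","alert":{"signature_id":1000002,'
    '"category":"Category Missing From Config","severity":3}}',
    '{"event_type":"dns","dns":{"type":"query"}}',
    '{"event_type":"alert","alert":{"sig',  # truncated write
]

if __name__ == "__main__":
    table = load_classifications(SAMPLE_CONFIG)
    for line in SAMPLE_EVE:
        print(json.dumps(enrich(line, table)))
```

The reverse lookup is only reliable while every description in classification.config is unique; if two short names share a description, the later entry wins.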
