Project

General

Profile

Actions
Copy link

Feature #4974

closed

eve: log rule references

Added by Jason Ish over 3 years ago. Updated 16 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Its been discussed a few time of references should be logged to eve. This would give alerts more context without access to the rule. However, logging the rule is also an option.

The reference logged should probably be the fully expanded reference.

Actions
Copy link
 #1

Updated by Philippe Antoine over 3 years ago

See https://github.com/OISF/suricata/pull/6677 : Remove unused (for now) references from signature

Actions
Copy link
 #2

Updated by Jeff Lucovsky 12 months ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 11 months ago

  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link
 #4

Updated by Jeff Lucovsky 7 months ago

  • Status changed from In Review to Closed
Actions
Copy link
 #5

Updated by Victor Julien 16 days ago

  • Subject changed from Log references to Eve to eve: log rule references
Actions
Copy link

Also available in: Atom PDF