Project

General

Profile

Actions
Copy link

Feature #4974

closed
JI JL

eve: log rule references

Feature #4974: eve: log rule references

Added by Jason Ish over 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Its been discussed a few time of references should be logged to eve. This would give alerts more context without access to the rule. However, logging the rule is also an option.

The reference logged should probably be the fully expanded reference.

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
 #1

See https://github.com/OISF/suricata/pull/6677 : Remove unused (for now) references from signature

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
 #2

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Jeff Lucovsky

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #3

  • Target version changed from TBD to 8.0.0-beta1

JL Updated by Jeff Lucovsky over 1 year ago Actions
Copy link
 #4

  • Status changed from In Review to Closed

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #5

  • Subject changed from Log references to Eve to eve: log rule references
Actions
Copy link

Also available in: PDF Atom