Feature #4974: Log references to Eve - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4974

open

Log references to Eve

Added by Jason Ish over 2 years ago. Updated over 2 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Its been discussed a few time of references should be logged to eve. This would give alerts more context without access to the rule. However, logging the rule is also an option.

The reference logged should probably be the fully expanded reference.

History
Notes

Actions

Copy link

Updated by Philippe Antoine over 2 years ago

See https://github.com/OISF/suricata/pull/6677 : Remove unused (for now) references from signature

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4974

Log references to Eve

Updated by Philippe Antoine over 2 years ago