Project

General

Profile

Actions
Copy link

Feature #4974

closed

eve: log rule references

Added by Jason Ish over 3 years ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Its been discussed a few time of references should be logged to eve. This would give alerts more context without access to the rule. However, logging the rule is also an option.

The reference logged should probably be the fully expanded reference.

Actions
Copy link
 #1

Updated by Philippe Antoine over 3 years ago

See https://github.com/OISF/suricata/pull/6677 : Remove unused (for now) references from signature

Actions
Copy link
 #2

Updated by Jeff Lucovsky about 1 year ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 12 months ago

  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link
 #4

Updated by Jeff Lucovsky 8 months ago

  • Status changed from In Review to Closed
Actions
Copy link
 #5

Updated by Victor Julien about 1 month ago

  • Subject changed from Log references to Eve to eve: log rule references
Actions
Copy link

Also available in: Atom PDF