Feature #4974: Log references to Eve - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4974

closed

Log references to Eve

Added by Jason Ish about 3 years ago. Updated 6 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Its been discussed a few time of references should be logged to eve. This would give alerts more context without access to the rule. However, logging the rule is also an option.

The reference logged should probably be the fully expanded reference.

Actions

Copy link

Updated by Philippe Antoine about 3 years ago

See https://github.com/OISF/suricata/pull/6677 : Remove unused (for now) references from signature

Actions

Copy link

Updated by Jeff Lucovsky 11 months ago

Status changed from New to In Review
Assignee changed from OISF Dev to Jeff Lucovsky

https://github.com/OISF/suricata/pull/10988

Actions

Copy link

Updated by Juliana Fajardini Reichow 11 months ago

Target version changed from TBD to 8.0.0-beta1

Actions

Copy link

Updated by Jeff Lucovsky 6 months ago

Status changed from In Review to Closed

Merged in https://github.com/OISF/suricata/pull/11792

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4974

Log references to Eve

Updated by Philippe Antoine about 3 years ago

Updated by Jeff Lucovsky 11 months ago

Updated by Juliana Fajardini Reichow 11 months ago

Updated by Jeff Lucovsky 6 months ago