Support #6301: pcap capture - Suricata - Open Information Security Foundation

Actions

Copy link

Support #6301

closed

pcap capture

Added by Nguyen Cuong over 1 year ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Affected Versions:

7.0.2

Label:

Beginner

Description

Hi, when I search the information how can I only save data captured (captured it to pcap files) which match with alerts (rule) in suricata, but I can find any idea of this one. So, I wanna know how can i save only data captured which match with alerts in suricata and how it work, thanks

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #6301

pcap capture

Updated by Philippe Antoine over 1 year ago