Bug #6458

open

eve/http: discrepancy in http events and http objects logged in alerts

Added by Jason Ish about 1 year ago. Updated about 1 year ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

For example, the HTTP object in an HTTP record might be different than the HTTP object in an alert object.

The same has been seen in DNS and is likely to be seen in other protocols.


Related issues 3 (2 open, 1 closed)

Related to Suricata - Feature #6456: output: binary logging (New, OISF Dev)
Related to Suricata - Task #2167: tracking: eve enhancements (New, OISF Dev)
Related to Suricata - Bug #6281: dns: structure of query differs between "alert" and "dns" event types (Closed, Jason Ish)
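
One way to check an EVE log for the discrepancy this issue describes, as an added example that is not part of the original report or of Suricata's code: it pairs each `http` event with the `alert` event for the same `flow_id` and `tx_id` and reports the fields whose values differ. The sample records and the differences in them are constructed for illustration and do not reproduce the actual discrepancy; passing `proto="dns"` applies the same comparison to the DNS case mentioned above.

```python
import json
from collections import defaultdict

# Constructed sample EVE records (illustrative only, not output tied to this bug).
SAMPLE_EVE = """\
{"event_type":"http","flow_id":1001,"tx_id":0,"http":{"hostname":"example.test","url":"/a","http_method":"GET","status":200,"length":512}}
{"event_type":"alert","flow_id":1001,"tx_id":0,"alert":{"signature_id":1},"http":{"hostname":"example.test","url":"/a","http_method":"GET","length":0}}
{"event_type":"http","flow_id":1002,"tx_id":0,"http":{"hostname":"example.test","url":"/b","http_method":"GET","status":404}}
{"event_type":"alert","flow_id":1002,"tx_id":0,"alert":{"signature_id":2},"http":{"hostname":"example.test","url":"/b","http_method":"GET","status":404}}
{"event_type":"alert","flow_id":1003,"alert":{"signature_id":3}}
"""
ABSENT = "<absent>"  # marker for a field present on only one side

def flatten(obj, prefix=""):
    """Flatten nested dicts to dotted keys so nested differences are reported."""
    out = {}
    for k, v in obj.items():
        if isinstance(v, dict):
            out.update(flatten(v, f"{prefix}{k}."))
        else:
            out[f"{prefix}{k}"] = v
    return out

def find_discrepancies(lines, proto="http"):
    """Return {(flow_id, tx_id): {field: (value_in_proto_event, value_in_alert)}}."""
    seen = defaultdict(dict)  # (flow_id, tx_id) -> {event_type: flattened object}
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") not in (proto, "alert") or proto not in rec:
            continue
        if "flow_id" not in rec or "tx_id" not in rec:
            continue  # cannot be tied to a single transaction
        # If several alerts share a transaction, the last one seen is compared.
        seen[(rec["flow_id"], rec["tx_id"])][rec["event_type"]] = flatten(rec[proto])
    report = {}
    for key, by_type in seen.items():
        if proto not in by_type or "alert" not in by_type:
            continue
        a, b = by_type[proto], by_type["alert"]
        diff = {f: (a.get(f, ABSENT), b.get(f, ABSENT))
                for f in sorted(a.keys() | b.keys())
                if a.get(f, ABSENT) != b.get(f, ABSENT)}
        if diff:
            report[key] = diff
    return report

if __name__ == "__main__":
    for key, diff in find_discrepancies(SAMPLE_EVE.splitlines()).items():
        print(key, diff)
```
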