Project

General

Profile

Actions
Copy link

Feature #7098

closed

Payload length field in JSON

Added by Peter Manev 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

In most alerts there is a section in the log that has the actual payload/payload_printable where the match occurred.
That is very good info.

Lots of SIEMS and DBs can not easily (as it is intensive calculation) or by default index that field.
What can be really useful is if we can add payload length filed , specifying the length of the payload JSON filed.
Thus in turn allowing for hunters to search on bigger payloads for specific alerts or protocols which is very valuable for highlighting the attention.

Actions
Copy link
 #1

Updated by Philippe Antoine 3 months ago

  • Target version changed from TBD to 8.0.0-beta1

Ok to do for 8 as another option

Actions
Copy link
 #2

Updated by Philippe Antoine 3 months ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Philippe Antoine
Actions
Copy link
 #3

Updated by Philippe Antoine 3 months ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF