Project

General

Profile

Actions
Copy link

Feature #7347

open
EL EL

eve/alert: log file_data

Feature #7347: eve/alert: log file_data

Added by Eric Leblond over 1 year ago. Updated 6 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Eric Leblond
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

As transformation occurs on stream data when it becomes file data, it may not be trivial for the analyst to understand why an alert did fire on some file content. To address this problem, we can log the file data in the events to allow an easy analysis.

As file data is mostly binary, logging to base64 should be enough.

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
 #1

  • Subject changed from Log file_data in alert events to eve/alert: log file_data

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #2

  • Status changed from In Progress to In Review

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #3

Looks like a feature rather than a bug to me...

VJ Updated by Victor Julien 11 months ago Actions
Copy link
 #4

  • Tracker changed from Bug to Feature
  • Target version changed from TBD to 9.0.0-beta1

PA Updated by Philippe Antoine 6 days ago Actions
Copy link
 #5

  • Status changed from In Review to Assigned

Repuuting in assigned state as PR got closed as stale

Actions
Copy link

Also available in: PDF Atom