Bug #7347

open

eve/alert: log file_data

Added by Eric Leblond about 2 months ago. Updated about 1 month ago.

Status: In Review
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

As transformation occurs on stream data when it becomes file data, it may not be trivial for the analyst to understand why an alert fired on some file content. To address this problem, we can log the file data in the events to allow an easy analysis.

As file data is mostly binary, logging to base64 should be enough.
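To make the proposal concrete, here is an added example of what an analyst would do with such a field; it is not code from Suricata or from this ticket. It assumes the alert event carries the decoded file content as a top-level base64 `file_data` field (the field name and placement are an assumption taken from the ticket title), and the sample event, the local SID and the marker string are constructed. The wire bytes in `payload` are gzip-compressed, so the matched string is only visible once `file_data` is decoded, which is exactly the situation the description refers to.

```python
import base64
import gzip
import hashlib
import json

# Constructed marker that a hypothetical rule matches in the decoded file body.
TOKEN = b"CONSTRUCTED-MATCH-TOKEN"

# Constructed file content: what the file-data layer sees after the HTTP body
# has been decompressed.
FILE_BYTES = b"<html><body>report " + TOKEN + b" end</body></html>\n"


def build_sample_event():
    """Return one constructed EVE alert line (not real Suricata output).

    "payload" carries the body gzip-compressed, as it travelled on the wire;
    "file_data" (field name assumed from this ticket) carries the decompressed
    body the rule actually matched.
    """
    wire = gzip.compress(FILE_BYTES)
    event = {
        "event_type": "alert",
        "alert": {
            "signature_id": 9000001,  # constructed local-rule SID
            "signature": "LOCAL constructed rule matching file_data",
        },
        "payload": base64.b64encode(wire).decode("ascii"),
        "file_data": base64.b64encode(FILE_BYTES).decode("ascii"),
    }
    return json.dumps(event)


def printable(data):
    """Render bytes like payload_printable does: keep printable ASCII, dot the rest."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def explain_alert(line):
    """Decode one EVE alert line and report which buffer contained the match."""
    event = json.loads(line)
    if event.get("event_type") != "alert":
        return None
    payload = base64.b64decode(event.get("payload", ""))
    file_data = base64.b64decode(event.get("file_data", ""))
    return {
        "signature": event["alert"]["signature"],
        # Hashes let the analyst tie the event to the extracted file on disk.
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "file_data_sha256": hashlib.sha256(file_data).hexdigest(),
        "file_data_printable": printable(file_data),
        "token_in_payload": TOKEN in payload,
        "token_in_file_data": TOKEN in file_data,
    }


if __name__ == "__main__":
    for key, value in explain_alert(build_sample_event()).items():
        print(f"{key}: {value}")
```

Running it shows `token_in_payload: False` and `token_in_file_data: True`: the raw stream bytes never contain the matched string, which is why an analyst looking only at `payload` cannot see what the rule matched.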

Actions #1

Updated by Victor Julien about 2 months ago

  • Subject changed from Log file_data in alert events to eve/alert: log file_data
Actions #2

Updated by Philippe Antoine about 1 month ago

  • Status changed from In Progress to In Review
Actions #3

Updated by Philippe Antoine about 1 month ago

Looks like a feature rather than a bug to me...
