Feature #7347: eve/alert: log file_data - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7347

open

eve/alert: log file_data

Added by Eric Leblond 9 months ago. Updated about 2 months ago.

Status:

In Review

Priority:

Normal

Assignee:

Eric Leblond

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

As transformation occurs on stream data when it becomes file data, it may not be trivial for the analyst to understand why an alert did fire on some file content. To address this problem, we can log the file data in the events to allow an easy analysis.

As file data is mostly binary, logging to base64 should be enough.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7347

eve/alert: log file_data

Updated by Victor Julien 9 months ago

Updated by Philippe Antoine 9 months ago

Updated by Philippe Antoine 9 months ago

Updated by Victor Julien about 2 months ago