Project

General

Profile

Actions
Copy link

Feature #8479

open
VJ OD

eve/firewall: dedicated log record type

Feature #8479: eve/firewall: dedicated log record type

Added by Victor Julien 2 months ago. Updated 18 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Currently the firewall mode rules are not logging by default, but can use the alert keyword to generate an alert when they match. This produces the rich alert record type.

It may be worth considering a more dedicated type, that includes the drop record type info as well as detailed info about states, etc.

Related issues 3 (0 open3 closed)

Related to Suricata - Feature #8456: firewall: source field in alert/drop events to distinguish firewall from IDS/IPSClosedJason IshActions
Related to Suricata - Feature #8480: firewall: allow specifying multiple actionsClosedVictor JulienActions
Related to Suricata - Feature #8566: firewall: support generating alerts on default policyClosedVictor JulienActions

VJ Updated by Victor Julien 2 months ago Actions
Copy link
 #1

  • Related to Feature #8456: firewall: source field in alert/drop events to distinguish firewall from IDS/IPS added

VJ Updated by Victor Julien 2 months ago Actions
Copy link
 #2

  • Related to Feature #8480: firewall: allow specifying multiple actions added

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
 #3

  • Related to Feature #8566: firewall: support generating alerts on default policy added

JI Updated by Jason Ish 18 days ago Actions
Copy link
 #4

  • Status changed from New to Feedback
  • Assignee set to OISF Dev
Actions
Copy link

Also available in: PDF Atom