Feature #8479: eve/firewall: dedicated log record type - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8479

open

eve/firewall: dedicated log record type

Feature #8479: eve/firewall: dedicated log record type

Added by Victor Julien 2 days ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Currently the firewall mode rules are not logging by default, but can use the alert keyword to generate an alert when they match. This produces the rich alert record type.

It may be worth considering a more dedicated type, that includes the drop record type info as well as detailed info about states, etc.

Related issues 2 (2 open — 0 closed)

History
Property changes

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#1

Related to Feature #8456: firewall: Add source engine field to alert/drop events to distinguish firewall from IDS/IPS alerts added

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#2

Related to Feature #8480: firewall: allow specifying multiple actions added

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8479

eve/firewall: dedicated log record type

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#2

	Related to Suricata - Feature #8456: firewall: Add source engine field to alert/drop events to distinguish firewall from IDS/IPS alerts	New		Actions
	Related to Suricata - Feature #8480: firewall: allow specifying multiple actions	New		Actions

Project

General

Profile

Suricata

Custom queries

Feature #8479

eve/firewall: dedicated log record type

VJ Updated by Victor Julien 2 days ago ActionsCopy link #1

VJ Updated by Victor Julien 2 days ago ActionsCopy link #2

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 2 days ago Actions
Copy link
#2