Project

General

Profile

Actions
Copy link

Feature #8479

open
VJ OD

eve/firewall: dedicated log record type

Feature #8479: eve/firewall: dedicated log record type

Added by Victor Julien 2 months ago. Updated 18 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Currently the firewall mode rules are not logging by default, but can use the alert keyword to generate an alert when they match. This produces the rich alert record type.

It may be worth considering a more dedicated type, that includes the drop record type info as well as detailed info about states, etc.

Related issues 3 (0 open3 closed)

Related to Suricata - Feature #8456: firewall: source field in alert/drop events to distinguish firewall from IDS/IPSClosedJason IshActions
Related to Suricata - Feature #8480: firewall: allow specifying multiple actionsClosedVictor JulienActions
Related to Suricata - Feature #8566: firewall: support generating alerts on default policyClosedVictor JulienActions
Actions
Copy link

Also available in: PDF Atom