Actions
Feature #1879
closedeve: optionally add 'flow' record to alerts
Effort:
Difficulty:
Label:
Description
Add flow record to alerts. Mostly thinking about flow's startts as this would help FPC retrieval. It may also be interesting for an analyst to know if the flow is small or big wrt number of packets and bytes.
Flow records will be incomplete, as they are not yet considered done if a packet is still referring to them.
Updated by Victor Julien over 8 years ago
Jason I assigned it to you as I mostly had Evebox and Dumpy in mind here :) https://github.com/jasonish/dumpy/issues/1
Updated by Jason Ish over 7 years ago
- Status changed from Assigned to Closed
- Assignee changed from Jason Ish to Eric Leblond
- Target version changed from 70 to 4.0.0
Was done by Eric Leblond in commit da9005c404f281badd3bb4ccee675560fae2d359. I believe this was first released in 4.0.0.rc1.
Updated by Victor Julien over 7 years ago
- Target version changed from 4.0.0 to 4.0rc1
Actions