Feature #2020: eve: add body of signature to eve.json alert - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2020

closed

eve: add body of signature to eve.json alert

Added by erik clark over 7 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

4.1beta1

Effort:

Difficulty:

Label:

Description

This is a request to add the body of a signature to the eve.json alert when it is fired. When an analyst examines an alert, having the payload is excellent, but without the context of the raw rule (which is of varying use depending on the analysts skill), sometimes work is put in on what would clearly be a false positive with the context of the rule in the alert.

This was submitted after discussion with Jason Ish.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2020

eve: add body of signature to eve.json alert

Updated by Victor Julien over 7 years ago

Updated by Andreas Herz over 7 years ago

Updated by Martin Natano about 7 years ago

Updated by Martin Natano about 7 years ago

Updated by Martin Natano about 7 years ago

Updated by Jason Ish over 6 years ago