Feature #2095
closed
eve: http body in alert event
Added by Giuseppe Longo over 7 years ago.
Updated over 7 years ago.
Description
If a signature triggers an alert, currently there is no readable information about the content.
It would be interesting to output the http body in base64 and printable format in the alert event.
Please see https://redmine.openinfosecfoundation.org/issues/2069.
So right now I'm thinking a list of buffers (in addition to the payload, packet) that can be optionally logged with all the buffers that matched. Needs to be generic though, not specific to http.
I'm hoping to mock some events up sooner than later for a format that is friendly to data stores.
- Subject changed from Add http body in alert event to eve: http body in alert event
- Status changed from New to Assigned
- Target version set to 70
- Tracker changed from Bug to Feature
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.0rc1