Feature #4179: tunnel-Node for flow, netflow and dns-events in eve.json - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4179

open

tunnel-Node for flow, netflow and dns-events in eve.json

Added by marco sen almost 4 years ago. Updated 4 months ago.

Status:

New

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

Difficulty:

Label:

Needs Suricata-Verify test

Description

For suricata alert-events in eve.json there is a tunnel-node, that contains the outer ip-addresses. It would be great to get this node for flow-, netflow- and dns-events as well. This would make it possible to clearly identify the flow and compare/merge it with results of other tools.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4179

tunnel-Node for flow, netflow and dns-events in eve.json

Updated by Philippe Antoine 4 months ago