Project

General

Profile

Actions
Copy link

Bug #4439

closed

eve: log alert direction

Added by Eric Leblond over 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
7.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If the alert event contains the flow information it is not possible to know which from the source or the destination IP is the client for the flow.

Actions
Copy link
 #1

Updated by Eric Leblond over 3 years ago

  • Status changed from New to In Review
Actions
Copy link
 #2

Updated by Odin Jenseg over 3 years ago

Hi Eric,

I think this also would make sense to include this type of information for the event_type=fileinfo, since a fileinfo event can be triggered in both direction.

Actions
Copy link
 #3

Updated by Victor Julien about 2 years ago

  • Status changed from In Review to Closed
  • Target version set to 7.0.0-beta1
Actions
Copy link
 #4

Updated by Victor Julien about 2 years ago

  • Subject changed from Log data way in alert to eve: log alert direction
Actions
Copy link

Also available in: Atom PDF