Bug #4439
closed
Added by Eric Leblond over 3 years ago.
Updated about 2 years ago.
Description
If the alert event contains the flow information it is not possible to know which from the source or the destination IP is the client for the flow.
- Status changed from New to In Review
Hi Eric,
I think this also would make sense to include this type of information for the event_type=fileinfo, since a fileinfo event can be triggered in both direction.
- Status changed from In Review to Closed
- Target version set to 7.0.0-beta1
- Subject changed from Log data way in alert to eve: log alert direction
Also available in: Atom
PDF