Feature #6210
openoutputs: add verdict event type
Description
We're soon to have a verdict logged out with alerts and drops, but we think there is value in adding that as an independent field, too, to log more situations that affect packets.
Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Bug #5464: eve: if alert and drop rules match for a packet, "alert.action" is ambiguous added
Updated by Victor Julien over 1 year ago
I think the event type should be disabled by default, similar to the "drop" event type.
When it is enabled, it should default to logging for packets that:
1. have alerts
2. had a new pass action trigger (so the first pass if a flow pass was set)
3. had a new drop action trigger (so the first drop if a flow drop was set)
4. a bypass is triggered
Optionally, it should log for each packet that is dropped or "passed".
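To make the proposed selection policy concrete, here is a small simulation of it in Python. This is an added example, not Suricata's code; the `Packet` fields, the `reasons` list and the event field names are assumptions made for the example and do not describe the real EVE schema. It tracks flow-scoped pass/drop state so that only the first packet of a flow pass or flow drop is logged by default, while the optional mode logs every passed or dropped packet, and it carries the packet's effective action in its own field so that a packet hit by both an alert and a drop rule (the Bug #5464 ambiguity) is reported unambiguously.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    """Per-packet facts assumed to be known at the output stage (constructed for this example)."""
    flow_id: int
    has_alert: bool = False            # an alert rule matched on this packet
    rule_action: Optional[str] = None  # "pass" or "drop" triggered by a rule on this packet
    flow_scoped: bool = False          # that pass/drop was applied to the whole flow
    bypass: bool = False               # a bypass was triggered on this packet


class VerdictLogger:
    """Decide, packet by packet, whether a 'verdict' event should be emitted.

    Default policy (as proposed): log packets that have alerts, that newly
    trigger a pass or drop (only the first packet when the action is flow
    scoped), or that trigger a bypass. With log_every_pass_drop=True, every
    passed or dropped packet is logged, including ones that only inherit the
    flow's earlier verdict.
    """

    def __init__(self, enabled: bool = False, log_every_pass_drop: bool = False):
        self.enabled = enabled                      # disabled by default, like "drop"
        self.log_every_pass_drop = log_every_pass_drop
        self.flow_state: dict[int, str] = {}        # flow_id -> "pass" | "drop"

    def process(self, pkt: Packet) -> Optional[dict]:
        inherited = self.flow_state.get(pkt.flow_id)
        # A rule action is "new" unless the flow already carries the same verdict.
        new_trigger = pkt.rule_action is not None and pkt.rule_action != inherited
        effective = pkt.rule_action or inherited    # None: no pass/drop applied

        # Remember flow-scoped verdicts so later packets in the flow inherit them.
        if pkt.rule_action is not None and pkt.flow_scoped:
            self.flow_state[pkt.flow_id] = pkt.rule_action

        if not self.enabled:
            return None

        reasons = []
        if pkt.has_alert:
            reasons.append("alert")
        if effective in ("pass", "drop") and (new_trigger or self.log_every_pass_drop):
            reasons.append(effective)
        if pkt.bypass:
            reasons.append("bypass")
        if not reasons:
            return None

        # Field names are assumptions for this example, not the real EVE schema.
        return {
            "event_type": "verdict",
            "flow_id": pkt.flow_id,
            "action": effective or "none",  # unambiguous even when an alert also matched
            "reasons": reasons,
        }


def simulate(enabled: bool = True, log_every_pass_drop: bool = False) -> list:
    """Run a constructed packet sequence; returns one entry per packet (None = not logged)."""
    logger = VerdictLogger(enabled=enabled, log_every_pass_drop=log_every_pass_drop)
    packets = [
        Packet(1, has_alert=True, rule_action="drop", flow_scoped=True),  # alert + flow drop
        Packet(1),                                                       # inherits the drop
        Packet(2, rule_action="pass", flow_scoped=True),                 # first flow pass
        Packet(2),                                                       # inherits the pass
        Packet(2, bypass=True),                                          # bypass on a passed flow
        Packet(3, rule_action="drop"),                                   # packet-scoped drop
        Packet(3, rule_action="drop"),                                   # another new drop trigger
    ]
    return [logger.process(p) for p in packets]


if __name__ == "__main__":
    for event in simulate():
        print(event)
```

With the default policy, `simulate()` logs five of the seven packets: the second packet of each flow-scoped flow is skipped because it only inherits the earlier verdict. With `log_every_pass_drop=True` those inherited packets are logged too, and with `enabled=False` nothing is emitted.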
Updated by Juliana Fajardini Reichow about 1 year ago
- Priority changed from Normal to Low
Updated by Victor Julien about 1 year ago
- Priority changed from Low to Normal
- Target version changed from 7.0.1 to 8.0.0-beta1
Retarget to 8. Can consider backport.
Updated by Juliana Fajardini Reichow about 1 year ago
- Related to Feature #6215: Exception policy log output added