Feature #7098

closed

Payload length field in JSON

Added by Peter Manev 5 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

In most alerts there is a section in the log that has the actual payload/payload_printable where the match occurred.
That is very good info.

Lots of SIEMs and DBs cannot easily (as it is an intensive calculation) or by default index that field.
What can be really useful is if we can add a payload length field, specifying the length of the payload JSON field.
This in turn allows hunters to search on bigger payloads for specific alerts or protocols, which is very valuable for highlighting the attention.
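An ingest-side way to get the same searchable number today, as an added example that is not part of the ticket or Suricata's own code: it decodes the base64 `payload` field of each alert and stores its byte length. The field name `payload_len`, the signature names and the sample records are assumptions constructed for illustration.

```python
import base64
import binascii
import json

LENGTH_FIELD = "payload_len"  # hypothetical field name, not defined by the ticket

def payload_length(event):
    """Decoded byte length of the base64 'payload' field, or None if absent/invalid."""
    encoded = event.get("payload")
    if not isinstance(encoded, str):
        return None
    try:
        return len(base64.b64decode(encoded, validate=True))
    except (binascii.Error, ValueError):
        return None

def enrich(lines):
    """Yield alert events with LENGTH_FIELD added; skip broken lines and non-alerts."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written log line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        length = payload_length(event)
        if length is not None:
            event[LENGTH_FIELD] = length
        yield event

def large_payloads(lines, min_len):
    """(signature, app_proto, length) for alerts with payload >= min_len, largest first."""
    hits = [(e.get("alert", {}).get("signature"), e.get("app_proto"), e[LENGTH_FIELD])
            for e in enrich(lines) if e.get(LENGTH_FIELD, -1) >= min_len]
    return sorted(hits, key=lambda h: h[2], reverse=True)

def _alert(sig, raw=None, proto="http"):
    event = {"event_type": "alert", "app_proto": proto, "alert": {"signature": sig}}
    if raw is not None:
        event["payload"] = base64.b64encode(raw).decode()
    return event

# Constructed sample records, including the failure cases a real feed contains.
SAMPLE = [json.dumps(_alert("EXAMPLE small GET", b"GET / HTTP/1.1\r\n\r\n")),
          json.dumps(_alert("EXAMPLE large POST body", b"A" * 1400)),
          json.dumps(_alert("EXAMPLE no payload logged")),
          json.dumps(dict(_alert("EXAMPLE bad base64"), payload="!!!notbase64")),
          json.dumps({"event_type": "flow", "app_proto": "dns"}),
          '{"event_type": "alert", "payl']

if __name__ == "__main__":
    for hit in large_payloads(SAMPLE, 1000):
        print(hit)
```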
