Feature #7098: Payload length field in JSON
Status: closed
Description
In most alerts there is a section in the log that has the actual payload/payload_printable where the match occurred.
That is very good info.
Lots of SIEMs and DBs cannot easily (as it is an intensive calculation) or by default index that field.
What can be really useful is if we can add a payload length field, specifying the length of the payload JSON field.
This in turn allows hunters to search on bigger payloads for specific alerts or protocols, which is very valuable for highlighting where attention is needed.
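As an added illustration of the request (example code, not Suricata's own implementation): enrich EVE-style alert records with a byte length derived from the base64 `payload` field, then hunt by length. The records, the field name `payload_length`, and the threshold are constructed assumptions for this example.

```python
import base64
import json

# Constructed sample EVE-style alert lines (not real captured traffic).
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1},
                "payload": base64.b64encode(HTTP_REQ).decode(),
                "payload_printable": HTTP_REQ.decode()}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 2},
                "payload": base64.b64encode(b"A" * 4096).decode()}),
    json.dumps({"event_type": "flow"}),  # no payload at all
    json.dumps({"event_type": "alert", "alert": {"signature_id": 3},
                "payload": "not-base64!!"}),  # corrupt field
]


def payload_length(record):
    """Byte length of the decoded base64 `payload`, or None if absent/undecodable."""
    raw = record.get("payload")
    if raw is None:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        return len(base64.b64decode(raw, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def enrich(line, field="payload_length"):
    """Parse one EVE JSON line and add the (hypothetical) length field when computable."""
    record = json.loads(line)
    length = payload_length(record)
    if length is not None:
        record[field] = length
    return record


def hunt(lines, min_length):
    """Return (signature_id, payload_length) for alerts whose payload is >= min_length bytes."""
    hits = []
    for line in lines:
        rec = enrich(line)
        if rec.get("event_type") != "alert":
            continue
        length = rec.get("payload_length")
        if length is not None and length >= min_length:
            hits.append((rec["alert"]["signature_id"], length))
    return hits
```

Decoding the base64 `payload` gives the exact byte count, which is cheap to index once stored as a number and needs no full-text indexing of the payload itself.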