Bug #7347: eve/alert: log file_data - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7347

open

eve/alert: log file_data

Added by Eric Leblond 6 days ago. Updated 4 days ago.

Status:

In Progress

Priority:

Normal

Assignee:

Eric Leblond

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

As transformation occurs on stream data when it becomes file data, it may not be trivial for the analyst to understand why an alert did fire on some file content. To address this problem, we can log the file data in the events to allow an easy analysis.

As file data is mostly binary, logging to base64 should be enough.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7347

eve/alert: log file_data

Updated by Victor Julien 4 days ago