<div dir="ltr">Awesome, I will check that out. Thanks!</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><span style="font-size:14px;font-family:roboto,sans-serif"><strong><span style="color:#000000"><br>Jordon Carpenter</span></strong></span><br><span style="color:#000000;font-size:12px;font-family:roboto,sans-serif"><a style="color:#000000;font-size:12px;font-family:roboto,sans-serif" href="https://www.rooksecurity.com/" target="_blank">Rook Security</a></span><br><span style="font-size:12px;font-family:roboto,sans-serif"><em><span style="color:#000000">Anticipate, Manage, & Eliminate Threats</span></em></span><br><br><span style="color:#000000;font-size:12px;font-family:roboto,sans-serif">O: 888.712.9531 x734</span><br><span style="color:#000000;font-size:12px;font-family:calibri,sans-serif"><span style="font-family:roboto,sans-serif">E: <a href="mailto:jordon.carpenter@rooksecurity.com" target="_blank">jordon.carpenter@rooksecurity.com</a></span><br><br><span style="font-family:roboto,sans-serif"><a href="https://www.facebook.com/rookconsulting" style="font-family:roboto,sans-serif" target="_blank"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-FB.png" border="0" alt="rookconsulting"></a>    <a href="https://twitter.com/rooksecurity" style="font-family:roboto,sans-serif" target="_blank"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-TW.png" border="0" alt="rooksecurity"></a>    <a href="https://www.linkedin.com/company/rook-security" style="font-family:roboto,sans-serif" target="_blank"><img src="https://d23fetfglg1ija.cloudfront.net/signature_fields/56feae2eecca0b0003125675/A-LI.png" border="0" alt="Rook LinkedIn"></a></span><br><br><span style="font-family:roboto,sans-serif"><a href="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a" style="font-family:roboto,sans-serif" target="_blank"><img src="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/img" border="0" alt="Seconds Matter" style="color:blue;font-family:"Helvetica";font-size:12px"></a></span><br><br><span style="font-size:10px"><span style="font-family:roboto,sans-serif">This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message</span><br></span><br></span><div>       <a href="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/watermark" style="outline:0!important;text-decoration:none" target="_blank">         <img src="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/watermark_img" alt="Powered by Sigstr" style="color:#636363;font-family:"Helvetica";font-size:11px" border="0">       </a>     </div></div></div>
<br><div class="gmail_quote">On Wed, Jun 15, 2016 at 1:55 PM, Cooper F. Nelson <span dir="ltr"><<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The 'best practices' answer to this is that you should be using an<br>
indexed full-packet capture solution (like moloch) to review all alerts<br>
in context.<br>
<br>
-Coop<br>
<span class=""><br>
On 6/15/2016 7:37 AM, <a href="mailto:jordon.carpenter@rooksecurity.com">jordon.carpenter@rooksecurity.com</a> wrote:<br>
> Team,<br>
><br>
> Need to turn on logging of response events when an alert fires.<br>
><br>
> For example, when the signature ` ET WEB_SERVER Possible SQL Injection<br>
> Attempt UNION SELECT` fires, we need to log the response after it triggers.<br>
> We need to see what the server response to this request is.<br>
><br>
> I know this can be done via snort, is this possible with suricata?<br>
><br>
</span>> *Thanks,*<br>
> *Jordon Carpenter*<br>
> Rook Security <<a href="https://www.rooksecurity.com/" rel="noreferrer" target="_blank">https://www.rooksecurity.com/</a>><br>
> *Anticipate, Manage, & Eliminate Threats*<br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ITS Security Team<br>
<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042<br>
<br>
</font></span></blockquote></div><br></div>