<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Team,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Need to turn on logging of response events when an alert fires. </div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div id="bloop_customfont" style="margin:0px">For example, when the signature `<span class="Apple-tab-span" style="white-space:pre">   </span>ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT` fires, we need to log the response after it triggers. We need to see what the server response to this request is. </div><div id="bloop_customfont" style="margin:0px"><br></div><div id="bloop_customfont" style="margin:0px">I know this can be done via snort, is this possible with suricata? </div><div id="bloop_customfont" style="margin:0px"><br></div><div class="bloop_sign" id="bloop_sign_1466001191552630016"><div style="font-family:helvetica,arial;font-size:13px"><div style="font-size:12.8000001907349px;color:rgb(34,34,34);font-family:arial,sans-serif;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:14px;font-family:roboto,sans-serif"><strong>Thanks,</strong></span></div><div style="font-size:12.8000001907349px;color:rgb(34,34,34);font-family:arial,sans-serif;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:14px;font-family:roboto,sans-serif"><strong>Jordon Carpenter</strong></span><br style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:12px;font-family:roboto,sans-serif"><a href="https://www.rooksecurity.com/" style="color:rgb(0,0,0)">Rook Security</a></span><br style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:12px;font-family:roboto,sans-serif"><em>Anticipate, Manage, & Eliminate Threats</em></span><br style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><br style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:12px;font-family:roboto,sans-serif">O: 888.712.9531 x734</span><br style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><span style="color:rgb(0,0,0);line-height:normal;font-size:12px;font-family:calibri,sans-serif"><span style="font-family:roboto,sans-serif">E: <a href="mailto:jordon.carpenter@rooksecurity.com">jordon.carpenter@rooksecurity.com</a></span><br><br><span style="font-family:roboto,sans-serif"><a href="https://www.facebook.com/rookconsulting"><img src="cid:7CAA126D-A778-4E53-B3EA-B435445CF6E7" border="0" alt="rookconsulting"></a>    <a href="https://twitter.com/rooksecurity"><img src="cid:1898FE40-74D4-40A9-907C-C9A184F2219D" border="0" alt="rooksecurity"></a>    <a href="https://www.linkedin.com/company/rook-security"><img src="cid:00B989E4-B1D5-4434-BA3E-FD9CF84D629D" border="0" alt="Rook LinkedIn"></a></span><br><br><span style="font-family:roboto,sans-serif"><a href="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a"><img src="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/img" border="0" alt="Seconds Matter" style="color: blue; font-family: Helvetica;"></a></span><br><br><span style="font-size:10px"><span style="font-family:roboto,sans-serif">This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message</span><br></span><br></span><div id="watermark" style="color:rgb(0,0,0);font-family:Times;font-size:medium;line-height:normal"><a href="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/watermark" style="text-decoration:none;outline:0px!important"><img src="https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/watermark_img" alt="Powered by Sigstr" border="0" style="color: rgb(99, 99, 99); font-family: Helvetica; font-size: 11px;"></a></div></div><p style="margin:0px;font-size:12px;line-height:normal;font-family:Helvetica"></p></div></div></body></html>