[Discussion] Text in Msgs
robert.jamison at bt.com
Mon Oct 27 17:30:49 UTC 2008
Very much so. Capturing context with a syslog-based alert format is a
major limitation from a remote monitoring standpoint.
Rob
-----Original Message-----
From: discussion-bounces at openinfosecfoundation.org
[mailto:discussion-bounces at openinfosecfoundation.org] On Behalf Of Matt
Jonkman
Sent: Monday, October 27, 2008 11:26 AM
To: discussion at openinfosecfoundation.org
Subject: [Discussion] Text in Msgs
Would anyone be interested in the ability to insert captured text into
the alert text of an event?
For instance, I was just looking at a few hits on "ET POLICY exe
download via HTTP". It'd be nice for that to say:
ET POLICY exe download via HTTP
(down.onlinedowns.net/page/image/yahoons.exe)
Quick way to decide if that was something of interest or not without
having to dig into payload.
What does everyone think?
Matt
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
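
The alert text proposed above, as an added example (not code from this thread or from any engine): it builds the message from a raw HTTP request and, because the captured text is chosen by the remote sender and may land in a one-line syslog record, replaces non-printable bytes and caps the length. The function names, the 120-character cap and both sample requests are assumptions constructed for illustration.

```python
import re

MAX_CAPTURE = 120  # assumed cap so one URI cannot fill a whole syslog line

def extract_host_uri(request: bytes) -> str:
    """Return host + URI from the head of a raw HTTP request, '' if unparsable."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    m = re.match(r"^[A-Z]+ (\S+) HTTP/\d\.\d$", lines[0])
    if not m:
        return ""
    uri = m.group(1)
    if uri.lower().startswith("http://"):  # absolute-form (proxy) request line
        return uri[len("http://"):]
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return host + uri

def sanitize(captured: str) -> str:
    """Make sender-controlled text safe to embed in a one-line alert."""
    # Anything outside printable, non-space ASCII (CR, LF, ESC, ...) becomes '.'
    # so the capture cannot start a new log line or drive a terminal.
    clean = re.sub(r"[^\x21-\x7e]", ".", captured)
    if len(clean) > MAX_CAPTURE:
        clean = clean[:MAX_CAPTURE - 3] + "..."
    return clean

def alert_text(msg: str, request: bytes) -> str:
    """Append the sanitized capture to the rule msg in the format from the e-mail."""
    captured = sanitize(extract_host_uri(request))
    return f"{msg} ({captured})" if captured else msg

# Constructed requests: the first reuses the URL from the e-mail, the second
# carries an escape sequence in its Host header.
BENIGN = (b"GET /page/image/yahoons.exe HTTP/1.1\r\n"
          b"Host: down.onlinedowns.net\r\n\r\n")
HOSTILE = b"GET /x.exe HTTP/1.1\r\nHost: evil.example\x1b[2J\r\n\r\n"

if __name__ == "__main__":
    for req in (BENIGN, HOSTILE):
        print(alert_text("ET POLICY exe download via HTTP", req))
```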