[Oisf-users] Payload data and eve/json output module

Yoann Juet veilletechno-irts at univ-nantes.fr
Thu Apr 17 16:05:14 UTC 2014

Hi all,

I recently turned on the eve/json output logging module to give logstash 
a try. I notice that Suricata do not send payload data. However, 
elasticsearch has the capability to store a base64 representation of 
binary data (not indexed at all). Such information is very usefull, 
especially for detecting false positives, identify internal web servers 
that may be vulnerables (use cases of reverse-proxies). Wouldn't it make 
sense in a future release of Suricata to enrich json messages with a 
base64 representation of payload data ?

Yoann Juet.

More information about the Oisf-users mailing list