[Oisf-users] Payload data and eve/json output module
Yoann Juet
veilletechno-irts at univ-nantes.fr
Thu Apr 17 16:05:14 UTC 2014
Hi all,
I recently turned on the eve/json output logging module to give logstash
a try. I notice that Suricata does not send payload data. However,
elasticsearch has the capability to store a base64 representation of
binary data (not indexed at all). Such information is very useful,
especially for detecting false positives and identifying internal web servers
that may be vulnerable (use cases of reverse proxies). Wouldn't it make
sense in a future release of Suricata to enrich json messages with a
base64 representation of payload data?
Thanks,
Regards,
Yoann Juet.
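An added example of what the consumer side of the proposed field would look like; this is not code from the post, from Suricata or from the logstash project. It assumes the base64 payload lands in a top-level `payload` field of each alert record (the name later Suricata releases use when the eve alert `payload` option is enabled), and the eve.json lines, IPs and signature ids below are constructed for the example. The script decodes the payload, pulls the HTTP request line and Host header out of it for the two use cases named in the post (eyeballing a hit to decide whether it is a false positive, and mapping which backend names are being requested through a reverse proxy), and tolerates records whose payload is missing, non-HTTP or not valid base64.

```python
import base64
import binascii
import json

# Constructed sample eve.json, one JSON object per line (not real Suricata
# output). "payload" is assumed to carry base64 of the packet payload.
_HTTP_REQ = (b"GET /admin/ HTTP/1.1\r\nHost: intranet.example.internal\r\n"
             b"User-Agent: curl/7.35.0\r\n\r\n")
_BINARY = bytes(range(32))  # non-HTTP payload with no spaces or CRLF

SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2014-04-17T16:05:14.000000+0000",
                "event_type": "alert", "proto": "TCP",
                "src_ip": "203.0.113.7", "src_port": 51234,
                "dest_ip": "10.0.0.5", "dest_port": 80,
                "alert": {"signature_id": 9000001, "rev": 1,
                          "signature": "EXAMPLE admin path probe"},
                "payload": base64.b64encode(_HTTP_REQ).decode("ascii")}),
    json.dumps({"timestamp": "2014-04-17T16:05:15.000000+0000",
                "event_type": "alert", "proto": "TCP",
                "src_ip": "203.0.113.9", "src_port": 40000,
                "dest_ip": "10.0.0.6", "dest_port": 443,
                "alert": {"signature_id": 9000002, "rev": 1,
                          "signature": "EXAMPLE TLS anomaly"},
                "payload": base64.b64encode(_BINARY).decode("ascii")}),
    json.dumps({"timestamp": "2014-04-17T16:05:16.000000+0000",
                "event_type": "alert", "proto": "TCP",
                "src_ip": "203.0.113.9", "src_port": 40001,
                "dest_ip": "10.0.0.6", "dest_port": 80,
                "alert": {"signature_id": 9000003, "rev": 1,
                          "signature": "EXAMPLE corrupt record"},
                "payload": "not*valid*base64"}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.1",
                "dest_ip": "10.0.0.2"}),
])


def decode_payload(record):
    """Return the decoded payload bytes, or None if absent or not valid base64."""
    encoded = record.get("payload")
    if not isinstance(encoded, str):
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        return base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return None


def http_request_summary(payload):
    """Parse the request line and Host header of an HTTP/1.x request.

    Returns {"method", "path", "host"} or None when the payload does not
    start with an HTTP request line. Triage only, not a full HTTP parser.
    """
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    method, path = parts[0], parts[1]
    if not (method.isalpha() and method.isupper()):
        return None
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            break
    return {"method": method.decode("ascii"),
            "path": path.decode("ascii", "replace"), "host": host}


def triage_alerts(eve_text):
    """Summarise every alert record in eve_text; other event types are skipped."""
    out = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("event_type") != "alert":
            continue
        payload = decode_payload(record)
        out.append({
            "sid": record["alert"]["signature_id"],
            "dest_ip": record["dest_ip"],
            "dest_port": record["dest_port"],
            "payload_len": None if payload is None else len(payload),
            "http": None if payload is None else http_request_summary(payload),
        })
    return out


def backend_hosts(results):
    """Map each alerted dest_ip to the Host names requested through it
    (the post's reverse-proxy use case: which internal server was targeted)."""
    hosts = {}
    for r in results:
        if r["http"] and r["http"]["host"]:
            hosts.setdefault(r["dest_ip"], set()).add(r["http"]["host"])
    return hosts


if __name__ == "__main__":
    results = triage_alerts(SAMPLE_EVE)
    for r in results:
        print(json.dumps(r))
    print(backend_hosts(results))
```

In a logstash pipeline the same decode would sit in a filter (or be left to the analyst, since the post's point is that elasticsearch can keep the raw base64 unindexed); the record with the bad base64 is kept in the output with `payload_len` set to None rather than dropped, so a corrupt field never hides an alert.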