[Oisf-users] Payload data and eve/json output module

Tom DeCanio decanio.tom at gmail.com
Thu Apr 17 17:53:15 UTC 2014


Agreed.  We've been looking into adding exactly that.


On Thu, Apr 17, 2014 at 4:05 PM, Yoann Juet <
veilletechno-irts at univ-nantes.fr> wrote:

> Hi all,
>
> I recently turned on the eve/json output logging module to give logstash a
> try. I notice that Suricata does not send payload data. However,
> elasticsearch has the capability to store a base64 representation of binary
> data (not indexed at all). Such information is very useful, especially for
> detecting false positives and identifying internal web servers that may be
> vulnerable (use cases of reverse-proxies). Wouldn't it make sense in a
> future release of Suricata to enrich json messages with a base64
> representation of payload data?
>
> Thanks,
> Regards,
> Yoann Juet.
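The enrichment Yoann asks for, as an added example that is not code from this thread or from Suricata: an eve alert record gets the matched payload appended as base64, a consumer recovers the bytes and pulls the HTTP Host header out of them to identify the internal server behind the reverse proxy, and the Elasticsearch mapping stores the field as `binary` (kept but not indexed). The field name `payload`, the alert record and the request bytes are constructed assumptions for the illustration.

```python
import base64
import json
from typing import Optional

# Constructed sample: the raw TCP payload the rule matched on, an HTTP
# request that reached an internal web server behind a reverse proxy.
SAMPLE_PAYLOAD = (
    b"GET /cgi-bin/status HTTP/1.1\r\n"
    b"Host: intranet-app.example.internal\r\n"
    b"X-Forwarded-For: 198.51.100.7\r\n"
    b"User-Agent: scanner/1.0\r\n\r\n"
)

# Constructed sample: an eve.json alert record without any payload field.
SAMPLE_ALERT = {
    "timestamp": "2014-04-17T16:05:00.000000+0000",
    "event_type": "alert",
    "src_ip": "203.0.113.9", "dest_ip": "10.0.0.5", "dest_port": 8080,
    "alert": {"signature": "EXAMPLE CGI probe", "signature_id": 9000001},
}

# Assumed name for the enriched field; not Suricata's own format.
PAYLOAD_FIELD = "payload"


def enrich_with_payload(record: dict, payload: bytes) -> str:
    """Return the alert as one JSON line with the payload base64-encoded."""
    out = dict(record)
    out[PAYLOAD_FIELD] = base64.b64encode(payload).decode("ascii")
    return json.dumps(out)


def payload_from_line(line: str) -> bytes:
    """Recover the raw bytes from an enriched eve line; empty if absent."""
    rec = json.loads(line)
    b64 = rec.get(PAYLOAD_FIELD)
    return base64.b64decode(b64, validate=True) if b64 else b""


def http_host(payload: bytes) -> Optional[str]:
    """Pull the Host header out of an HTTP request payload, if present."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


# Elasticsearch mapping for the field: stored as base64, never indexed.
ES_PAYLOAD_MAPPING = {"properties": {PAYLOAD_FIELD: {"type": "binary"}}}
```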