[Oisf-users] Packet data in JSON
Russell Fulton
r.fulton at auckland.ac.nz
Wed Dec 17 21:53:44 UTC 2014
On 18/12/2014, at 8:48 am, Andreas Moe <moe.andreas at gmail.com> wrote:
> Not a full script that tails the file, but it's something. Say if you have some events, and want to look deeper into them and you just have the eve.json file.
>
> https://github.com/Maxtors/evepcapparser
>
nice!
What I would like to do is take a series of packets from one of the higher level parsers and turn that into a single pcap file. Either from json or from the data table in the database.
The problem is having some automated way of linking the packets to a single event. So far as I can see each packet is logged as a separate alert. Is there anything logged that connects them?
Bro does this by having a unique id that is attached to a stream.
Russell
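Added example, not code from this thread or from evepcapparser: it reads eve.json alert lines that carry a base64 "packet" field and writes one pcap per flow. Since the thread notes Suricata gave no stream id to link alerts, the grouping key here is an assumed direction-independent 5-tuple (proto, src/dest ip and port) built from the eve fields; the sample input is constructed.

```python
import base64
import json
import struct
from collections import defaultdict
from datetime import datetime

def _rec(ts, sip, sp, dip, dp, frame):  # helper to build one constructed eve line
    return json.dumps({"timestamp": ts, "event_type": "alert", "proto": "TCP",
                       "src_ip": sip, "src_port": sp, "dest_ip": dip, "dest_port": dp,
                       "packet": base64.b64encode(frame).decode()})

# Constructed input: two alerts from one TCP stream (one per direction) plus one
# from an unrelated stream. The frames are fabricated stand-ins, not real packets.
SAMPLE_EVE = "\n".join([
    _rec("2014-12-17T21:53:44.000001+0000", "10.0.0.5", 40000, "10.0.0.9", 80, b"\x01\x02"),
    _rec("2014-12-17T21:53:44.000500+0000", "10.0.0.9", 80, "10.0.0.5", 40000, b"\x03\x04\x05"),
    _rec("2014-12-17T21:53:45.000000+0000", "10.0.0.7", 41000, "10.0.0.9", 443, b"\x06"),
])

def flow_key(ev):
    """Direction-independent 5-tuple: the assumed stand-in for a stream id."""
    ends = sorted([(ev["src_ip"], ev["src_port"]), (ev["dest_ip"], ev["dest_port"])])
    return (ev["proto"], ends[0], ends[1])

def group_packets(eve_text):
    """Parse eve.json lines and collect (timestamp, raw frame) per flow key."""
    flows = defaultdict(list)
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert" or "packet" not in ev:
            continue  # only alert records carrying a base64 packet are useful here
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        flows[flow_key(ev)].append((ts, base64.b64decode(ev["packet"])))
    return flows

def build_pcap(packets):
    """Serialise [(datetime, frame), ...] into one classic libpcap file (bytes)."""
    # global header: magic, version 2.4, zone 0, sigfigs 0, snaplen, linktype 1 = Ethernet
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in sorted(packets, key=lambda p: p[0]):
        out.append(struct.pack("<IIII", int(ts.timestamp()), ts.microsecond,
                               len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)

def eve_to_pcaps(eve_text):
    """Map flow key -> pcap bytes; write each value to its own file for one pcap per event."""
    return {key: build_pcap(pk) for key, pk in group_packets(eve_text).items()}
```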