[Oisf-users] suricata 2.1beta3 md5 blacklist -> elk json filename or md5?

john nesh john.nesh76 at gmail.com
Thu Feb 26 18:46:40 UTC 2015


Hi,

I want to know how to generate an alert from an md5 list.
I have generated some alerts this way:
alert http any any -> any any (msg:"FILE MD5 Check EXE against a white list"; filemagic:"exe"; filemd5:/etc/suricata/md5/md5.txt; sid:41; rev:1;)

I have the alert but I can't see the md5 in the alert and/or filename
and/or the source.

Is there any possibility to have this kind of view?

John
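The post asks how to see the md5, the filename and the source next to an alert fired by a filemd5 rule. In Suricata's EVE JSON output the alert record and the file details live in separate records (event_type "alert" and event_type "fileinfo"), so they have to be joined by the connection they share. The script below is an added example, not code from the original post or from the Suricata project: it first validates an md5 list file (one lowercase hex digest per line; the blank-line and "#" comment handling is this script's own convention, not something the page states Suricata supports), then reads eve.json lines and attaches to each alert for a given sid the fileinfo records seen on the same src/dest address and port tuple. It assumes fileinfo records carry "filename" and "md5" fields (md5 logging must be enabled in suricata.yaml for the latter) and that both record types carry src_ip, src_port, dest_ip and dest_port; the eve.json lines embedded in the script are constructed samples, not captured output.

```python
"""Added example (not from the original post or the Suricata project):
validate a filemd5 list and join eve.json alert records with the fileinfo
records of the same connection, so an alert on a filemd5 rule can be shown
together with the md5, the filename and the source address it refers to.

Assumptions: 'fileinfo' records expose 'filename' and 'md5' (md5 logging
enabled in suricata.yaml); 'alert' and 'fileinfo' records both carry
src_ip/src_port/dest_ip/dest_port. Sample records below are constructed.
"""
import json
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def validate_md5_list(text):
    """Return (valid, invalid) for an md5 list: one hex digest per line.
    Blank lines and '#' comments are skipped (this script's own convention).
    Invalid entries are returned as (line_number, text) so they can be fixed."""
    valid, invalid = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if MD5_RE.match(line.lower()):
            valid.append(line.lower())
        else:
            invalid.append((lineno, line))
    return valid, invalid


def flow_key(rec):
    """Connection tuple used to pair an alert with the fileinfo of the same flow."""
    return (rec.get("src_ip"), rec.get("src_port"),
            rec.get("dest_ip"), rec.get("dest_port"))


def join_alerts_with_files(eve_lines, sid):
    """Return one dict per alert with signature_id == sid, each listing the
    filename/md5 of every fileinfo record seen on the same connection tuple."""
    files_by_flow, alerts = {}, []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        event_type = rec.get("event_type")
        if event_type == "fileinfo":
            files_by_flow.setdefault(flow_key(rec), []).append(rec)
        elif event_type == "alert" and rec.get("alert", {}).get("signature_id") == sid:
            alerts.append(rec)

    results = []
    for alert in alerts:
        matched = files_by_flow.get(flow_key(alert), [])
        results.append({
            "timestamp": alert.get("timestamp"),
            "src": "%s:%s" % (alert.get("src_ip"), alert.get("src_port")),
            "dest": "%s:%s" % (alert.get("dest_ip"), alert.get("dest_port")),
            "signature": alert["alert"].get("signature"),
            "files": [{"filename": f.get("filename"), "md5": f.get("md5")}
                      for f in matched],
        })
    return results


# Constructed sample md5 list: one good digest, one malformed line.
SAMPLE_MD5_LIST = """# constructed blacklist
d41d8cd98f00b204e9800998ecf8427e
not-a-hash
"""

# Constructed eve.json lines: an alert on sid 41, a fileinfo on the same
# connection, and a fileinfo on an unrelated connection that must not match.
SAMPLE_EVE = [
    '{"timestamp":"2015-02-26T18:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":49152,"dest_ip":"192.0.2.10","dest_port":80,'
    '"alert":{"signature_id":41,"rev":1,"signature":"FILE MD5 Check EXE against a white list"}}',
    '{"timestamp":"2015-02-26T18:00:00.100000+0000","event_type":"fileinfo",'
    '"src_ip":"10.0.0.5","src_port":49152,"dest_ip":"192.0.2.10","dest_port":80,'
    '"filename":"/downloads/setup.exe","md5":"d41d8cd98f00b204e9800998ecf8427e"}',
    '{"timestamp":"2015-02-26T18:00:01.000000+0000","event_type":"fileinfo",'
    '"src_ip":"10.0.0.6","src_port":49153,"dest_ip":"192.0.2.10","dest_port":80,'
    '"filename":"/downloads/other.exe","md5":"00000000000000000000000000000000"}',
]

if __name__ == "__main__":
    good, bad = validate_md5_list(SAMPLE_MD5_LIST)
    print("valid digests:", good)
    print("invalid lines:", bad)
    for row in join_alerts_with_files(SAMPLE_EVE, 41):
        print(json.dumps(row, indent=2))
```

Run it against a real file with `join_alerts_with_files(open("/var/log/suricata/eve.json"), 41)`; if the fileinfo records come back without an "md5" key, md5 logging is not enabled in the output configuration, which is the first thing to check when the hash is missing from the view.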