[Oisf-users] App layer decoding of Eve.json alerts

SiNA sina.rabbani at gmail.com
Tue Jul 12 20:13:24 UTC 2016


Hi,

When Suricata generates an alert based on IP reputation rules, the alert
JSON log doesn't include decoded application layer information. I see the
option of including the payload itself, which would require additional
processing by a third-party script or tool. Is it possible to configure
Suricata to generate both an event and an alert in this case?

All the best,
Sina