[Oisf-users] Suricata response events
Cooper F. Nelson
cnelson at ucsd.edu
Wed Jun 15 17:55:36 UTC 2016
The 'best practices' answer to this is that you should be using an
indexed full-packet capture solution (like moloch) to review all alerts
in context.
-Coop
On 6/15/2016 7:37 AM, jordon.carpenter at rooksecurity.com wrote:
> Team,
>
> Need to turn on logging of response events when an alert fires.
>
> For example, when the signature `ET WEB_SERVER Possible SQL Injection
> Attempt UNION SELECT` fires, we need to log the response after it triggers.
> We need to see what the server's response to this request is.
>
> I know this can be done via snort, is this possible with suricata?
>
> *Thanks,*
> *Jordon Carpenter*
> Rook Security <https://www.rooksecurity.com/>
> *Anticipate, Manage, & Eliminate Threats*
>
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
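Added example, not part of this thread: where full-packet capture is not available, Suricata's EVE JSON log already carries the server side of the transaction, because the `alert` record and the later `http` record for the same request share `flow_id` (and, for HTTP-layer alerts, `tx_id`). The script below joins the two over constructed EVE lines, so the status code and response length of the request that triggered the `UNION SELECT` signature can be reported; the sample lines, IPs and URLs are made up for the demonstration.

```python
import json

# Constructed EVE JSON lines (not real captures): two HTTP transactions on
# flow 1001 (tx_id 0 alerted, tx_id 1 did not), one unrelated flow, and an
# alert on flow 1003 whose http record never made it into the log.
EVE_LINES = [
    '{"flow_id":1001,"tx_id":0,"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10",'
    '"alert":{"signature":"ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT"},'
    '"http":{"hostname":"www.example.com","url":"/item?id=1 UNION SELECT 1,2,3","http_method":"GET"}}',
    '{"flow_id":1002,"tx_id":0,"event_type":"http","http":{"hostname":"www.example.com","url":"/","status":200,"length":512}}',
    '{"flow_id":1001,"tx_id":0,"event_type":"http","http":{"hostname":"www.example.com","url":"/item?id=1 UNION SELECT 1,2,3","http_method":"GET","status":500,"length":1873}}',
    '{"flow_id":1001,"tx_id":1,"event_type":"http","http":{"hostname":"www.example.com","url":"/favicon.ico","status":404,"length":0}}',
    '{"flow_id":1003,"tx_id":0,"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.10",'
    '"alert":{"signature":"ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT"},'
    '"http":{"hostname":"www.example.com","url":"/item?id=2 UNION SELECT 1,2,3","http_method":"GET"}}',
]


def correlate(lines):
    """Pair each alert with the http record on the same (flow_id, tx_id).

    All lines are read first, because Suricata writes the alert when the
    request matches and the http record only once the response is seen.
    Returns one dict per alert; status is None when no response was logged
    (transaction never completed, or the http log type is disabled).
    """
    http_by_tx = {}
    alerts = []
    for raw in lines:
        ev = json.loads(raw)
        key = (ev.get("flow_id"), ev.get("tx_id", 0))
        if ev.get("event_type") == "http":
            http_by_tx[key] = ev["http"]
        elif ev.get("event_type") == "alert":
            alerts.append((key, ev))
    results = []
    for key, ev in alerts:
        resp = http_by_tx.get(key, {})
        results.append({
            "signature": ev["alert"]["signature"],
            "src_ip": ev.get("src_ip"),
            "url": ev.get("http", {}).get("url"),
            "status": resp.get("status"),             # None => no response logged
            "response_length": resp.get("length"),
        })
    return results


if __name__ == "__main__":
    for r in correlate(EVE_LINES):
        print(r)
```

The same join works against a live eve.json tail; it needs `http` enabled under eve-log outputs, otherwise only the alert side is present and every status comes back None.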