[Oisf-users] Suricata - Response Events

Jordon Carpenter jordon.carpenter at rooksecurity.com
Thu Apr 13 14:03:23 UTC 2017


Team,

Trying to identify a process of logging a few extra packets from a Suricata
alert.

For example, how the 'tag' rule does for Snort. I know this is not a
feature in Suricata; however, I'm looking for something that will do it.
The goal is to follow an attack session like an SQL injection attack.
Obviously we need to see the response from the affected resource in order
to properly determine if the attack was successful.


*Thanks, Jordon Carpenter*
Rook Security <https://www.rooksecurity.com/>
*Anticipate, Manage, & Eliminate Threats*

O: 888.712.9531 x734
E: jordon.carpenter at rooksecurity.com
