[Oisf-users] Suricata - Response Events
Victor Julien
lists at inliniac.net
Thu Apr 13 14:09:32 UTC 2017
On 13-04-17 16:03, Jordon Carpenter wrote:
> Team,
>
> Trying to identify a process of logging a few extra packets from a
> Suricata alert.
>
> For example, how the 'tag' rule does for Snort. I know this is not a
> feature in Suricata, however, I'm looking for something that will do it.
> The goal is to follow an attack session like an SQL injection attack.
> Obviously we need to see the response from the affected resource in
> order to properly determine if the attack was successful.
Actually, tag is supported.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------