[Oisf-users] Suricata - Response Events

Victor Julien lists at inliniac.net
Thu Apr 13 14:09:32 UTC 2017

On 13-04-17 16:03, Jordon Carpenter wrote:
> Team,
> Trying to identify a process of logging a few extra packets from a
> Suricata alert. 
> For example, how the 'tag' rule does for snort. I know this is not a
> feature in Suricata, however, I'm looking for something that will do it.
> The goal is to follow an attack session like an SQL injection attack.
> Obviouslly we need to see the response from the affected resource in
> order to properly determine if the attack was successful. 

Actually, tag is supported.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list