[Oisf-users] Logging Full Rule When Event Occurs

John Peters psibur at gmail.com
Tue Feb 6 19:36:34 UTC 2018


Had an interesting question come up during a recent conversation:  Is it
possible to have the full rule written to eve.json with the corresponding
event when it triggers?  The reasoning is it would be easier to see the
actual rule when searched for in a log aggregator than have to sift through
what's active in /rules.  If it is an option or possible, what's the best
route to get it to happen?