[Oisf-users] Metadata Field to JSON Output

Korodev korodev at gmail.com
Tue Jan 9 02:53:30 UTC 2018

Per the documentation [1] the metadata key in signatures is ignored by
Suricata. Are there any future plans to pass that data through to the
JSON output? I'm not sure how people here might using it, but I've
seen this used for tagging signatures and it would be nice to have a
tunable that would push that data into alert event types.

If there's something else people are using to tag alerts at the
signature level for post-processing workflows (rather than lists of
sids/gids), I'd be interested in hearing that as well!

[1] https://suricata.readthedocs.io/en/latest//rules/meta.html#metadata



More information about the Oisf-users mailing list