[Oisf-users] Metadata Field to JSON Output
Korodev
korodev at gmail.com
Tue Jan 9 02:53:30 UTC 2018
Per the documentation [1] the metadata key in signatures is ignored by
Suricata. Are there any future plans to pass that data through to the
JSON output? I'm not sure how people here might be using it, but I've
seen this used for tagging signatures and it would be nice to have a
tunable that would push that data into alert event types.
If there's something else people are using to tag alerts at the
signature level for post-processing workflows (rather than lists of
sids/gids), I'd be interested in hearing that as well!
[1] https://suricata.readthedocs.io/en/latest//rules/meta.html#metadata
Thanks,
\\korodev
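
The post-processing workflow asked about above, as an added example that is not part of the original post or of Suricata: it reads the `metadata` option from the rule text and attaches it to EVE alert events by `alert.signature_id`. The rules, sids, tags and events are constructed samples, the `rule_metadata` key is a hypothetical name, and each rule is assumed to sit on one line.

```python
import json
import re

# Constructed sample rules (not from the original post); sids and tags are made up.
RULES = r'''
alert http any any -> any any (msg:"EXAMPLE tagged rule"; content:"a\;b"; metadata: team soc, stage recon; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"EXAMPLE untagged rule"; sid:1000002; rev:1;)
'''
# Constructed EVE records, reduced to the fields used here.
EVE_LINES = [
    '{"event_type":"alert","alert":{"signature_id":1000001,"signature":"EXAMPLE tagged rule"}}',
    '{"event_type":"alert","alert":{"signature_id":1000002,"signature":"EXAMPLE untagged rule"}}',
    '{"event_type":"dns","dns":{"rrname":"example.com"}}',
]

# An option is "name;" or "name:value;"; the value may contain an escaped "\;".
OPTION_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:\\.|[^;\\])*))?;')

def parse_rule_metadata(rules_text):
    """Return {sid: {key: [values]}} built from each rule's metadata options."""
    index = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '(' not in line:
            continue
        body = line[line.index('(') + 1 : line.rindex(')')]
        sid, meta = None, {}
        for name, value in OPTION_RE.findall(body):
            if name == 'sid':
                sid = int(value)
            elif name == 'metadata':
                for pair in value.split(','):
                    key, _, val = pair.strip().partition(' ')
                    if key:
                        meta.setdefault(key, []).append(val.strip())
        if sid is not None:
            index[sid] = meta
    return index

def enrich(eve_lines, index):
    """Add metadata under the hypothetical key alert.rule_metadata; pass other events through."""
    out = []
    for raw in eve_lines:
        event = json.loads(raw)
        if event.get('event_type') == 'alert':
            sid = event['alert'].get('signature_id')
            event['alert']['rule_metadata'] = index.get(sid, {})
        out.append(event)
    return out
```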