[Oisf-users] Unique Alert ID when using EVE

[Korodev]

> There is no eqivalent, but I think thats OK. I like to assign each
> event a UUID or ULID in my process that reads events. Something you
> would need to do with unified2 anyways.

Thanks for the quick reply and all the work you around Suricata.
Are you referring to any of your public projects that I might have
missed? We need to easily detect when we might be re-processing
events, so our unique id will need to key off alert attributes in some way.

\\korodev