[Oisf-users] xbits in EVE & unified2

Champ Clark III cclark at quadrantsec.com
Mon Apr 8 15:31:36 UTC 2019

Hello Mob! :) 

I was under the impression, perhaps incorrectly, that 'xbit' data gets stored in the Suricata EVE files. For example, if an 'xbit' gets 'set' or checked ('isset'), is there an EVE record of that happening? I've searched my Suricata instances' EVE files for 'xbits' and can't find any records of that. However, it might be that I haven't triggered any rules that have 'xbits' in them. I'd like to see how this data gets recorded.

Secondly, I know there are plans to deprecate 'unified2'. Is there a target date for this?

Thank you! 

- Champ Clark III 
