[Oisf-users] Only Stats in Eve.json

David Decker x.faith at gmail.com
Fri Jun 14 16:27:55 UTC 2019


So I have a suricata running.

suricata.yaml: eve.json enabled, stats enabled, rules file
includes override1  (eve.json enabled, unified2 enabled)
includes override 2 (adds a rule file)
I have ET rules listed, and some other Threat Hunt rules.
The main issue is that the eve.json is only showing Stats (for event types).
Fast.json is showing the Threat Hunt rule hits, no ET rules.

It's on an out-of-band system, but I could copy some of the config if needed.

If anyone has suggestions on where to start let me know.
