[Oisf-users] Relating packets to alerts
jt
jtfas90 at gmail.com
Thu Mar 28 13:34:25 UTC 2019
Are you looking for the specific packet number in a given flow that
fired an alert(s)?
JT
On Wed, 2019-03-27 at 20:27 +0000, Luis Escamilla wrote:
> Is it possible to identify in an eve log which of the tagged packets
> correspond to certain alert? I have been doing it by flow id, but
> many times, the flow id is related to multiple alerts
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
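The problem in the question (one flow_id, several alerts, and a set of tagged packets that all carry that flow_id) can be narrowed by ordering events within a flow. The script below is an added example, not code from the thread or from the Suricata project. It assumes EVE records with `event_type` of `alert` or `packet`, a `flow_id`, a `timestamp`, and a `pcap_cnt` (present when Suricata reads from a pcap; absent on live capture); the sample lines are constructed, and the attribution rule (a tagged packet belongs to the most recent preceding alert on the same flow) is a heuristic, not something Suricata records.

```python
import json
from collections import defaultdict

# Constructed eve.json lines for illustration; field layout is an assumption
# about Suricata's EVE "alert" and tagged "packet" records, check it against
# your own eve.json.
EVE_LINES = [
    '{"timestamp":"2019-03-27T20:00:01.000100+0000","flow_id":1,"pcap_cnt":10,'
    '"event_type":"alert","alert":{"signature_id":1001,"signature":"TEST A"}}',
    '{"timestamp":"2019-03-27T20:00:01.000100+0000","flow_id":1,"pcap_cnt":10,'
    '"event_type":"packet"}',
    '{"timestamp":"2019-03-27T20:00:02.000100+0000","flow_id":1,"pcap_cnt":12,'
    '"event_type":"packet"}',
    '{"timestamp":"2019-03-27T20:00:03.000100+0000","flow_id":1,"pcap_cnt":15,'
    '"event_type":"alert","alert":{"signature_id":1002,"signature":"TEST B"}}',
    '{"timestamp":"2019-03-27T20:00:03.000100+0000","flow_id":1,"pcap_cnt":15,'
    '"event_type":"packet"}',
    '{"timestamp":"2019-03-27T20:00:04.000100+0000","flow_id":2,"pcap_cnt":20,'
    '"event_type":"alert","alert":{"signature_id":2001,"signature":"TEST C"}}',
    '{"timestamp":"2019-03-27T20:00:04.000100+0000","flow_id":2,"pcap_cnt":20,'
    '"event_type":"packet"}',
]


def parse_eve(lines):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def _order_key(ev):
    # pcap_cnt gives exact packet order when reading a pcap; timestamp is the
    # fallback on live capture. "alert" sorts before "packet" on ties so the
    # alert precedes the packet that fired it.
    return (ev.get("pcap_cnt", 0), ev["timestamp"], ev["event_type"])


def alerts_by_flow(events):
    """flow_id -> alert events in packet order; shows the one-flow/many-alerts case."""
    out = defaultdict(list)
    for ev in sorted(events, key=_order_key):
        if ev["event_type"] == "alert":
            out[ev["flow_id"]].append(ev)
    return dict(out)


def attribute_packets(events):
    """Assign each tagged packet to the most recent earlier alert on its flow.

    Returns {(flow_id, signature_id, alert_pcap_cnt): [packet pcap_cnts]}.
    Packets seen on a flow before any alert are keyed (flow_id, None, None).
    """
    last_alert = {}   # flow_id -> key of the latest alert seen on that flow
    result = {}
    for ev in sorted(events, key=_order_key):
        fid = ev["flow_id"]
        if ev["event_type"] == "alert":
            key = (fid, ev["alert"]["signature_id"], ev.get("pcap_cnt"))
            last_alert[fid] = key
            result[key] = []
        elif ev["event_type"] == "packet":
            key = last_alert.get(fid, (fid, None, None))
            result.setdefault(key, []).append(ev.get("pcap_cnt"))
    return result


if __name__ == "__main__":
    evs = parse_eve(EVE_LINES)
    for fid, alerts in alerts_by_flow(evs).items():
        print(f"flow {fid}: {[a['alert']['signature_id'] for a in alerts]}")
    for key, pkts in attribute_packets(evs).items():
        print(f"alert {key}: packets {pkts}")
```

On a live capture where `pcap_cnt` is missing, the timestamp tiebreak still orders events, but two alerts on one flow within the same microsecond cannot be separated this way; enabling the `packet` (base64) field in the alert output is the only exact link between an alert and the packet that fired it.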