[Oisf-users] Additional data in eve.json

Ramona Tăme ramona.tame at gmail.com
Tue May 26 13:06:36 UTC 2020


It seems I made lots of mistakes.
I am trying to add more details for triggered alerts listed within
eve.json. I am interested, for each alert, in getting the DNS resolution,
the URL, the certificate and potentially other data. I have enabled
extended data within the suricata.yaml config but I still don't get the
details I was hoping to get. Does anybody have any suggestions on how to do
this? If I need to use Lua and generate another output file, does anyone
have an example of how to get these details by using Lua?

Thank you

On Tue, 26 May 2020 at 10:44, Ramona Tăme <ramona.tame at gmail.com> wrote:

> Hi,
>
> I am trying to add more data for triggered alerts within eve.json such as
> DNS lookups, URL, certificates and so on. Would you please let me know how
> to do it, and if I need to use a Lua script, send it to me if you have one? I
> enabled extended data within the config and I get more data but not the
> ones that I need.
>
> Thank you
>
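One way to get the DNS, URL and certificate context next to each alert without writing a Lua output script is to post-process eve.json and join records by `flow_id` and by destination IP. The script below is an added example (not Suricata's code and not from the original thread); it assumes the standard EVE fields (`event_type`, `flow_id`, `src_ip`, `dest_ip`) and the `dns.version: 2` answer layout with an `answers` array, and it embeds a few constructed eve.json lines so it runs offline. HTTP and TLS records are matched to alerts on the same flow; DNS names are attached by looking up which names earlier resolved to the alert's `dest_ip`, since the DNS lookup normally happens on a separate flow.

```python
import json
from collections import defaultdict

# Constructed sample eve.json lines (not real traffic): one DNS answer, one
# HTTP transaction, one TLS handshake, and an alert on each of the two flows.
# Note the alert on flow 1002 is logged before its http record, which is how
# Suricata often orders them, so a single forward pass would miss the join.
SAMPLE_EVE = """\
{"timestamp":"2020-05-26T12:00:00.000000+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"version":2,"type":"answer","rrname":"example.test","answers":[{"rrname":"example.test","rrtype":"A","ttl":60,"rdata":"192.0.2.10"}]}}
{"timestamp":"2020-05-26T12:00:01.000000+0000","flow_id":1002,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"signature_id":1000001,"signature":"TEST exe download","severity":2}}
{"timestamp":"2020-05-26T12:00:01.500000+0000","flow_id":1002,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","http":{"hostname":"example.test","url":"/download/tool.exe","http_method":"GET","status":200}}
{"timestamp":"2020-05-26T12:00:02.000000+0000","flow_id":1003,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","tls":{"subject":"CN=example.test","issuer":"CN=Test CA","sni":"example.test","version":"TLS 1.2"}}
{"timestamp":"2020-05-26T12:00:02.500000+0000","flow_id":1003,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"signature_id":1000002,"signature":"TEST suspicious TLS","severity":2}}
"""


def parse_events(lines):
    """Yield parsed EVE records, skipping blank or malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def enrich_alerts(lines):
    """Return alert records with an added 'enrichment' object.

    Two passes: the first indexes DNS answers (ip -> names), HTTP and TLS
    records (flow_id -> record); the second attaches them to each alert.
    Two passes are needed because eve.json does not guarantee that the
    http/tls record precedes the alert on the same flow.
    """
    events = list(parse_events(lines))
    names_for_ip = defaultdict(set)
    http_by_flow = {}
    tls_by_flow = {}

    for ev in events:
        et = ev.get("event_type")
        if et == "dns":
            d = ev.get("dns", {})
            if d.get("type") == "answer":
                for ans in d.get("answers", []):
                    if ans.get("rrtype") in ("A", "AAAA") and "rdata" in ans:
                        names_for_ip[ans["rdata"]].add(ans.get("rrname", d.get("rrname")))
        elif et == "http":
            http_by_flow[ev.get("flow_id")] = ev.get("http", {})
        elif et == "tls":
            tls_by_flow[ev.get("flow_id")] = ev.get("tls", {})

    enriched = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        fid = ev.get("flow_id")
        out = dict(ev)
        out["enrichment"] = {
            "resolved_names": sorted(names_for_ip.get(ev.get("dest_ip"), ())),
            "http": http_by_flow.get(fid),   # None when the alert is not on an HTTP flow
            "tls": tls_by_flow.get(fid),     # None when the alert is not on a TLS flow
        }
        enriched.append(out)
    return enriched


if __name__ == "__main__":
    # Replace SAMPLE_EVE.splitlines() with open("/var/log/suricata/eve.json")
    # to run against a real log; each enriched alert is printed as one JSON line.
    for alert in enrich_alerts(SAMPLE_EVE.splitlines()):
        print(json.dumps(alert))
```

The IP-based DNS join is a heuristic: it reports every name seen resolving to the alert's destination, so on shared hosting it can list several names, and it misses resolutions that happened before the log window. For large logs, keep only the DNS/HTTP/TLS indexes in memory and stream the alerts instead of holding every event in a list.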

