CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Suricata Module - Add raw rule to the alert

Browse Source
This commit is contained in:
Mike Reeves
2018-03-20 09:26:29 -04:00
parent a39505a400
commit 4c5f3525d5
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/suricata/files/suricata.yaml
View File

@@ -117,8 +117,13 @@ outputs:
# packet: yes # enable dumping of packet (without stream segments) # packet: yes # enable dumping of packet (without stream segments)
# http-body: yes # enable dumping of http body in Base64 # http-body: yes # enable dumping of http body in Base64
# http-body-printable: yes # enable dumping of http body in printable format # http-body-printable: yes # enable dumping of http body in printable format
metadata: yes # add L7/applayer fields, flowbit and other vars to the alert metadata:
app-layer: true
flow: true
rule:
metadata: true
raw: true
# Enable the logging of tagged packets for rules using the # Enable the logging of tagged packets for rules using the
# "tag" keyword. # "tag" keyword.
tagged-packets: no tagged-packets: no