
SID Reference in eve.json in eve-box

Open saman00 opened this issue 5 years ago • 5 comments

How to add a Reference field & link the SID in the .json field?

For viewing in eve-box and sending to SIEM.

Sample reference URL: doc.emergingthreats.net/2001583

Thanks for the support! Best regards.

saman00 avatar Aug 30 '20 07:08 saman00

In the alerts you mean?

pevma avatar Aug 31 '20 09:08 pevma

https://github.com/StamusNetworks/SELKS/issues/252#issuecomment-683667009

Yes

saman00 avatar Sep 02 '20 11:09 saman00

Hmmm... not sure what the easiest would be - @jasonish any ideas besides enabling the rule dumping in the alert records?

pevma avatar Sep 03 '20 11:09 pevma

> Hmmm... not sure what the easiest would be - @jasonish any ideas besides enabling the rule dumping in the alert records?

I don't think there is enough info in the rule itself, as a references.config is required... However, we can make some good guesses, at least with most ET rules, that I could present links to references in the EveBox UI.

jasonish avatar Sep 03 '20 15:09 jasonish

Dear @pevma & @jasonish, thanks for the support. Please advise me on my issue (#252). Best regards.

saman00 avatar Sep 05 '20 22:09 saman00
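
Added example, not part of the original thread and not EveBox or SELKS code: a post-processing sketch of the point made above, that a rule's `reference:` keywords only become links once each reference system is mapped to a URL prefix from a reference config file. It assumes raw rule text is enabled in the alert records (so the alert carries a `rule` field); the `vendor` system, the sample rule and the output field names `reference_urls` and `reference_unresolved` are constructed for illustration.

```python
import json
import re

# Constructed sample in reference-config syntax ("vendor" is hypothetical).
REFERENCE_CONFIG = """\
# config reference: <system> <URL prefix>
config reference: url    http://
config reference: vendor https://vendor.example/advisory/
"""

# Constructed EVE alert; "rule" is assumed present because raw rule output is on.
EVE_LINE = json.dumps({"event_type": "alert", "alert": {
    "signature_id": 2001583,
    "rule": 'alert tcp any any -> any any (msg:"constructed sample"; '
            'reference:url,doc.emergingthreats.net/2001583; '
            'reference:vendor,ADV-1; reference:nosuch,42; sid:2001583; rev:1;)'}})

CONFIG_RE = re.compile(r"\s*config reference:\s*(\S+)\s+(\S+)")
REF_RE = re.compile(r"\breference\s*:\s*([^,;\s]+)\s*,\s*([^;]+);")

def load_reference_config(text):
    """Map each reference system name to its URL prefix; comments are skipped."""
    prefixes = {}
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            prefixes[m.group(1).lower()] = m.group(2)
    return prefixes

def resolve_references(eve_line, prefixes):
    """Return the event with resolved links added to the alert object."""
    event = json.loads(eve_line)
    alert = event.get("alert", {})
    links, unresolved = [], []
    for system, ident in REF_RE.findall(alert.get("rule") or ""):
        prefix = prefixes.get(system.lower())
        if prefix:
            links.append(prefix + ident.strip())
        else:
            # No mapping for this system: keep it visible instead of guessing a URL.
            unresolved.append(f"{system},{ident.strip()}")
    alert["reference_urls"] = links              # hypothetical field name
    alert["reference_unresolved"] = unresolved   # hypothetical field name
    return event

if __name__ == "__main__":
    prefixes = load_reference_config(REFERENCE_CONFIG)
    print(json.dumps(resolve_references(EVE_LINE, prefixes)["alert"], indent=2))
```

Alerts written without the raw rule text come back with both lists empty, so the enrichment can run over a mixed log without failing.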