evebox icon indicating copy to clipboard operation
evebox copied to clipboard

Published 20 hours ago verified publisher icon jasonish

view SID Reference in eve.json

Open saman00 opened this issue 5 years ago • 1 comments

how to add field Reference & link SID in .json field ?

for view in eve-box and send to SIEM .

Sample References Url: doc.emergingthreats.net/2001583

thanks for support ! Best Regard .

saman00 avatar Aug 30 '20 21:08 saman00

This might be something I added to the user interface in EveBox. Adding it directly to the event record for having available in other SIEMs would be the job of Suricata, not EveBox. While it can't do this yet, it may be added to Suricata soon.

jasonish avatar Aug 31 '20 18:08 jasonish

Clonse in favour of https://github.com/jasonish/evebox/issues/296.

jasonish avatar Feb 15 '24 04:02 jasonish