suricata output/reference: Include reference information in alert (if configured)

output/reference: Include reference information in alert (if configured)

Open jlucovsky opened this issue 8 months ago • 3 comments

Continuation of #11089

When configured, include the reference value in the alert. The configuration value is in the alert section: types.alert.reference. The default value is off/no. Set to yes to include the expanded reference from the rule in the alert record.

Link to redmine ticket: 4974

Describe changes:

Add reference value to suricata.yaml.in (default no/off)
Set flag in output logger if the config setting is on
Format the reference as a sequence, e.g., references: [ "ref-1" [, "ref-2" [, ...]]]

Updates:

Update reference.config (see commit)

Provide values to any of the below to override the defaults.

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1808

Jun 10 '24 20:06 jlucovsky

suricata suricata copied to clipboard

output/reference: Include reference information in alert (if configured)

Provide values to any of the below to override the defaults.

suricata
suricata copied to clipboard