Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

FIX: Suricata dataset values for certain types of metadata #10551

Closed dougburks closed 1 year ago

dougburks commented 1 year ago

The following Suricata metadata parsers need to be updated to change `dataset` to `event.dataset`:

- suricata.fileinfo
- suricata.flow
- suricata.krb5
- suricata.tls

dougburks commented 1 year ago

https://github.com/Security-Onion-Solutions/securityonion/pull/10552

dougburks commented 1 year ago

Tested and verified.