cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Json+Syslog [cef-formatted] integration for analysis results #659

Open jpsenior opened 8 years ago

jpsenior commented 8 years ago

Build out a small system to add in syslog output for high-level signature findings including criticality: e.g. "Detects VirtualBox through the presence of a Device".

This capability will be added to the reporting modules.

jpsenior commented 8 years ago

Note: Intention of this ticket is for vendor-agnostic SIEM integration

botherder commented 8 years ago

It's an interesting idea, but we should discuss it. That's something that perhaps @jekil could work on.

KillerInstinct commented 8 years ago

Yeah this one is kinda complex -- especially for custom rigs. I made a syslog reporting module a while back that the user had to customize to fit their needs by modifying the module itself. Not ideal, but for parsing out IOCs from signatures, it's kind of required.
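The reporting-module idea requested in this issue, as an added example rather than Cuckoo project code: one triggered signature is rendered as a CEF event (header fields escape `|` and `\`, extension values escape `=`, `\` and newlines) and wrapped in a syslog line. The signature dict layout (`name`, `description`, `severity`, `categories`, `marks`), the product version and the sample hit are assumptions constructed here, not taken from the project.

```python
"""Render a Cuckoo-style signature hit as a CEF event on a syslog line.
Added example for this issue; field layout and sample data are assumed."""
import socket
from datetime import datetime, timezone

CEF_VERSION = 0
VENDOR, PRODUCT = "Cuckoo", "Sandbox"

def cef_escape(value, header=False):
    """CEF escaping: header fields escape '|' and '\\'; extension values
    escape '=' and '\\' and fold newlines into a literal '\\n'."""
    text = str(value).replace("\\", "\\\\")
    if header:
        return text.replace("|", "\\|")
    return text.replace("=", "\\=").replace("\r", "").replace("\n", "\\n")

def cef_severity(cuckoo_severity):
    """Map Cuckoo's 1..3 signature severity onto CEF's 0..10 scale (5 if unknown)."""
    return {1: 3, 2: 6, 3: 9}.get(int(cuckoo_severity), 5)

def signature_to_cef(task_id, sig, product_version="2.0"):  # version is a placeholder
    """CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension."""
    header = "|".join(cef_escape(f, header=True) for f in (
        VENDOR, PRODUCT, product_version, sig["name"], sig["description"],
        cef_severity(sig["severity"])))
    ext = {"cs1Label": "taskId", "cs1": task_id,
           "cat": ",".join(sig.get("categories", [])),
           "msg": " ".join(str(m) for m in sig.get("marks", []))}
    ext_str = " ".join(f"{k}={cef_escape(v)}" for k, v in ext.items() if v != "")
    return f"CEF:{CEF_VERSION}|{header}|{ext_str}"

def syslog_line(cef_msg, hostname="cuckoo-host", facility=1, level=4):
    """RFC 3164-style line: PRI is facility*8 + level (1*8+4 = <12>, user.warning)."""
    ts = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    return f"<{facility * 8 + level}>{ts} {hostname} {cef_msg}"

def send_udp(line, host="127.0.0.1", port=514):
    """Ship one line to a syslog/SIEM collector over UDP (not called in tests)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode(), (host, port))

SAMPLE_HIT = {  # constructed sample; shape assumed from Cuckoo signature output
    "name": "antivm_virtualbox_devices",
    "description": "Detects VirtualBox through the presence of a Device",
    "severity": 3, "categories": ["anti-vm"], "marks": ["\\\\.\\VBoxMiniRdrDN"],
}

if __name__ == "__main__":
    print(syslog_line(signature_to_cef(42, SAMPLE_HIT)))
```

The backslashes in the `marks` value show why the escaping matters: an unescaped device path would be misparsed by a CEF-consuming SIEM.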