Open jpsenior opened 8 years ago
Note: Intention of this ticket is for vendor-agnostic SIEM integration
It's an interesting idea, but we should discuss it. That's something that perhaps @jekil could work on.
Yeah this one is kinda complex -- especially for custom rigs. I made a syslog reporting module a while back, that the user had to customize to fit their needs by modifying the module itself. Not ideal, but for parsing out IOCs from signatures, its kind of required.
Build out a small system to add in syslog output for high level signature findings including criticality: e.g. "Detects VirtualBox through the presence of a Device".
This capability will be added to the reporting modules.