jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License
418 stars 67 forks

view SID Reference in eve.json #146

Closed saman00 closed 6 months ago

saman00 commented 4 years ago

How to add field Reference & link SID in .json field?

For view in eve-box and send to SIEM.

Sample References Url: doc.emergingthreats.net/2001583

Thanks for support! Best Regards.

jasonish commented 4 years ago

This might be something I added to the user interface in EveBox. Adding it directly to the event record for having available in other SIEMs would be the job of Suricata, not EveBox. While it can't do this yet, it may be added to Suricata soon.
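One way to attach rule references to alert records outside Suricata, before they are forwarded to a SIEM. This is an added example, not EveBox or Suricata code: it parses `reference:` options from rule text and adds them to matching EVE alerts by SID. The `PREFIXES` table, the `alert.references` field name, and the sample rule and events are assumptions made for the example.

```python
import json
import re

# Assumption: type-to-prefix table in the style of Suricata's reference.config.
PREFIXES = {"url": "http://",
            "cve": "http://cve.mitre.org/cgi-bin/cvename.cgi?name="}
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted option values such as msg
SID_RE = re.compile(r"(?<=[;(])\s*sid\s*:\s*(\d+)\s*;")
REF_RE = re.compile(r"(?<=[;(])\s*reference\s*:\s*([^,;\s]+)\s*,\s*([^;]+?)\s*;")
# Constructed sample inputs (not from a real ruleset or sensor).
SAMPLE_RULES = [
    'alert tcp any any -> any any (msg:"constructed; sid:1;"; '
    'reference:url,doc.emergingthreats.net/2001583; '
    'reference:cve,2000-0000; sid:2001583; rev:1;)',
    '# alert tcp any any -> any any (msg:"disabled"; sid:2001584;)',
]
SAMPLE_EVE = [
    '{"event_type":"alert","alert":{"signature_id":2001583,"signature":"x"}}',
    '{"event_type":"flow","flow":{"pkts_toserver":3}}',
]

def load_references(rule_lines):
    """Map each enabled rule's SID to the reference URLs it declares."""
    by_sid = {}
    for line in rule_lines:
        body = QUOTED_RE.sub('""', line.strip())  # hide text inside quotes
        sid = SID_RE.search(body)
        if body.startswith("#") or not sid:
            continue  # disabled rule, comment or blank line
        by_sid[int(sid.group(1))] = [
            PREFIXES[kind.lower()] + value if kind.lower() in PREFIXES
            else f"{kind},{value}"  # unknown type: keep as written
            for kind, value in REF_RE.findall(body)]
    return by_sid

def enrich_event(event, refs_by_sid):
    """Return the event with alert.references added (field name assumed here)."""
    alert = event.get("alert")
    if event.get("event_type") != "alert" or not isinstance(alert, dict):
        return event  # non-alert records pass through unchanged
    refs = refs_by_sid.get(alert.get("signature_id"))
    if not refs:
        return event
    return {**event, "alert": {**alert, "references": refs}}

def enrich_stream(eve_lines, refs_by_sid):
    """Enrich newline-delimited EVE JSON; returns one JSON string per event."""
    return [json.dumps(enrich_event(json.loads(ln), refs_by_sid))
            for ln in eve_lines if ln.strip()]
```

Blanking quoted values before matching keeps a `sid:` or `reference:` string inside `msg` from being read as a rule option.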

jasonish commented 6 months ago

Close in favour of https://github.com/jasonish/evebox/issues/296.