[Snort-users] outputting variables for analysts

Joel Esler (jesler) jesler at ...589...
Wed Jan 8 09:43:04 EST 2014

On Jan 3, 2014, at 9:24 AM, Long, Kerry S <kslong at ...312...> wrote:

> I am trying to figure out the best way to accomplish this. I want my analysts to see a variable I capture with byte_extract in their alert display. Ideally it could just be inserted into the message field like below. I could also use Unified2 alerts with an extra custom field, maybe where I create some sort of plugin to grab the value and insert it into a Unified2 alert. Trying to decide what is the easiest way to do it.

I just answered this over on the devel list.

There is no way to modify the msg from the content of a packet at this time.

Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team
New Email: jesler at ...589...
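Since the msg string cannot carry a byte_extract value, the realistic route for the Unified2 idea raised in the question is a post-processor that re-reads the value from the logged packet and attaches it to the event shown to analysts. The following is an added example written for this archive page; it is not code from the thread or from Snort. It assumes the Unified2 record layout (4-byte type and length header, the 52-byte legacy IDS_EVENT record type 7, and the 28-byte PACKET record type 2 followed by the raw packet), all in network byte order, and it operates on a constructed two-record stream whose packet data is just an application payload. With a real capture the offset passed to `byte_extract()` would first have to skip the link, IP and transport headers, exactly as the rule's own offset does.

```python
import struct

# Unified2 record types (values from Snort's Unified2_common.h).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Unified2 is serialised in network (big-endian) byte order.
RECORD_HDR = struct.Struct("!II")                      # record type, record length
# sensor_id, event_id, event_second, event_microsecond, signature_id, generator_id,
# signature_revision, classification_id, priority_id, ip_source, ip_destination,
# sport_itype, dport_icode, protocol, impact_flag, impact, blocked  -> 52 bytes
IDS_EVENT_LEGACY = struct.Struct("!IIIIIIIIIIIHHBBBB")
# sensor_id, event_id, event_second, packet_second, packet_microsecond,
# linktype, packet_length  -> 28 bytes, followed by packet_length bytes of packet
PACKET_HDR = struct.Struct("!IIIIIII")


def iter_records(blob):
    """Yield (record_type, body) for every record in a Unified2 byte stream."""
    off = 0
    while off + RECORD_HDR.size <= len(blob):
        rtype, rlen = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        body = blob[off:off + rlen]
        if len(body) != rlen:
            raise ValueError("truncated Unified2 record")
        yield rtype, body
        off += rlen


def parse_event(body):
    """Pull the fields an analyst display needs out of a legacy IDS_EVENT record."""
    f = IDS_EVENT_LEGACY.unpack(body[:IDS_EVENT_LEGACY.size])
    return {"sensor_id": f[0], "event_id": f[1], "sig_id": f[4],
            "gen_id": f[5], "sig_rev": f[6], "extracted": None}


def parse_packet(body):
    """Return the event_id a PACKET record belongs to and its raw packet bytes."""
    f = PACKET_HDR.unpack_from(body, 0)
    data = body[PACKET_HDR.size:PACKET_HDR.size + f[6]]
    return {"event_id": f[1], "data": data}


def byte_extract(data, nbytes, offset, endian="big"):
    """Re-do what the rule's byte_extract did: read nbytes at offset.

    byte_extract defaults to big-endian and 1..4 bytes in binary mode; anything
    that would read past the end of the packet yields None instead of garbage.
    """
    if nbytes not in (1, 2, 3, 4) or offset < 0 or offset + nbytes > len(data):
        return None
    return int.from_bytes(data[offset:offset + nbytes], endian)


def annotate_events(blob, nbytes, offset):
    """Pair IDS_EVENT and PACKET records by event_id and attach the extracted value."""
    events = {}
    for rtype, body in iter_records(blob):
        if rtype == UNIFIED2_IDS_EVENT:
            ev = parse_event(body)
            events[ev["event_id"]] = ev
        elif rtype == UNIFIED2_PACKET:
            pk = parse_packet(body)
            if pk["event_id"] in events:
                events[pk["event_id"]]["extracted"] = byte_extract(pk["data"], nbytes, offset)
    return list(events.values())


def build_record(rtype, body):
    return RECORD_HDR.pack(rtype, len(body)) + body


def build_sample():
    """Constructed two-record stream: one event (sid 1000001) plus its packet."""
    event = IDS_EVENT_LEGACY.pack(1, 42, 1389177784, 0, 1000001, 1, 1, 0, 2,
                                  0x0A000001, 0x0A000002, 40000, 8080, 6, 0, 0, 0)
    # Constructed payload: the 2-byte field of interest sits at offset 2 (0x1f90 = 8080).
    payload = b"\x01\x02\x1f\x90rest-of-payload"
    packet = PACKET_HDR.pack(1, 42, 1389177784, 1389177784, 0, 1, len(payload)) + payload
    return build_record(UNIFIED2_IDS_EVENT, event) + build_record(UNIFIED2_PACKET, packet)


if __name__ == "__main__":
    for ev in annotate_events(build_sample(), nbytes=2, offset=2):
        print("sid %d rev %d  extracted=%s" % (ev["sig_id"], ev["sig_rev"], ev["extracted"]))
```

Run on a real unified2 log, the output of `annotate_events()` is what a console or SIEM feed would display next to the unchanged rule msg; the value itself stays out of the rule and is recomputed from the packet Snort already logged.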
