[Solved] Prelude Correlator alerts - IDMEF
Added by Bob Mule almost 9 years ago
Dear all,
Are the Correlator alerts stored in the same table as the other IDMEF alerts generated from Prelude LML and the Agent sensor API?
I'm also wondering how to distinguish them from other alerts. In the Correlator code example, I see alert.correlation_alert.name:
https://www.prelude-siem.org/projects/prelude/wiki/PreludeCorrelator
Thanks in advance for any help.
Best, Bob
Replies (2)
RE: Prelude Correlator alerts - IDMEF - Added by Antoine LUONG almost 9 years ago
Hello,
Correlation alerts are stored in a specific table (Prelude_CorrelationAlert).
From the libprelude standpoint, you can distinguish correlation alerts from other IDMEF messages by looking at the "alert.correlation_alert" path and seeing whether it is null or not.
Regards
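The check described in the reply above, as an added example that is not part of the original thread and not libprelude or prelude-correlator code: IDMEF messages are modelled as plain nested dicts and lists, a small resolver handles libprelude-style paths such as "alert.source(0).node.address(0).address", and a message counts as a correlation alert exactly when "alert.correlation_alert" resolves to something other than null. The two sample messages, the helper names (get_path, is_correlation_alert, correlated_alert_ids, route) and the group labels are all constructed for this example.

```python
"""Telling Prelude correlation alerts apart from plain IDMEF alerts.

Illustrative code only: it is not libprelude or prelude-correlator code.
An IDMEF message is modelled as nested dicts/lists, and paths follow the
libprelude convention where "(n)" selects the n-th element of a list.
Both sample messages below are constructed by hand.
"""
import re

# Constructed sample: a plain alert such as Prelude LML would emit for a log line.
LML_ALERT = {
    "alert": {
        "messageid": "1",
        "analyzer": [{"name": "prelude-lml", "model": "Prelude LML"}],
        "classification": {"text": "SSH login failure"},
        "source": [{"node": {"address": [{"address": "198.51.100.7"}]}}],
    }
}

# Constructed sample: a correlation alert. Only correlation alerts carry the
# alert.correlation_alert branch, which names the rule that fired and
# references the source alerts it was built from.
CORRELATION_ALERT = {
    "alert": {
        "messageid": "2",
        "analyzer": [{"name": "prelude-correlator", "model": "Prelude Correlator"}],
        "classification": {"text": "Brute force attack"},
        "correlation_alert": {
            "name": "BruteForce",
            "alertident": [{"alertident": "1"}, {"alertident": "3"}],
        },
    }
}

# One path component: a name, optionally followed by a list index in parentheses.
_TOKEN = re.compile(r"^(\w+)(?:\((\d+)\))?$")


def get_path(msg, path):
    """Resolve a dotted IDMEF path against a nested dict/list message.

    Returns None whenever any component is missing, i.e. the path is "null"
    in libprelude terms. Raises ValueError on a malformed path component.
    """
    node = msg
    for token in path.split("."):
        m = _TOKEN.match(token)
        if not m:
            raise ValueError(f"bad path component: {token!r}")
        name, index = m.group(1), m.group(2)
        if not isinstance(node, dict) or name not in node:
            return None
        node = node[name]
        if index is not None:
            if not isinstance(node, list) or int(index) >= len(node):
                return None
            node = node[int(index)]
    return node


def is_correlation_alert(msg):
    """The check from the reply: a correlation alert iff alert.correlation_alert is not null."""
    return get_path(msg, "alert.correlation_alert") is not None


def correlated_alert_ids(msg):
    """Message IDs of the source alerts a correlation alert references (empty for plain alerts)."""
    idents = get_path(msg, "alert.correlation_alert.alertident") or []
    return [ident.get("alertident") for ident in idents]


def route(messages):
    """Split a batch by the same criterion, returning the message IDs in each group.

    This mirrors, on the consumer side, the separation the reply describes on
    the storage side (correlation alerts living in their own table). The group
    labels are assumptions made for this example.
    """
    groups = {"other_alerts": [], "correlation_alerts": []}
    for msg in messages:
        key = "correlation_alerts" if is_correlation_alert(msg) else "other_alerts"
        groups[key].append(get_path(msg, "alert.messageid"))
    return groups


if __name__ == "__main__":
    for msg in (LML_ALERT, CORRELATION_ALERT):
        print(get_path(msg, "alert.messageid"),
              get_path(msg, "alert.correlation_alert.name"),
              is_correlation_alert(msg),
              correlated_alert_ids(msg))
    print(route([LML_ALERT, CORRELATION_ALERT]))
```

The point of resolving the whole "alert.correlation_alert" branch rather than only "alert.correlation_alert.name" is that the branch is what marks the message as a correlation alert; a rule could in principle leave the name empty, so testing the parent path is the robust form of the check.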