[Solved] Prelude Correlator alerts - IDMEF
Are the Correlator alerts stored in the same table as the other IDMEF alerts generated from Prelude LML and the Agent sensor API?
I'm also wondering how to distinguish them from other alerts. In the Correlator code example, I see alert.correlation_alert.name.
Thanks in advance for any help.
RE: Prelude Correlator alerts - IDMEF - Added by Antoine LUONG almost 8 years ago
Correlation alerts are stored in a specific table (Prelude_CorrelationAlert).
From the libprelude standpoint, you can distinguish correlation alerts from other IDMEF messages by looking at the "alert.correlation_alert" path and seeing whether it is null or not.