[Solved] Prelude Correlator alerts - IDMEF - PRELUDE SIEM - UNITY 360

[Solved] Prelude Correlator alerts - IDMEF

Dear all,
Are the Correlator alerts stored in the same table as the other IDMEF alerts generated from Prelude LML and the Agent sensor API ?
I'm wondering how to distinguish them also from other alerts. In the Correlator code example, I see alert.correlation_alert.name
https://www.prelude-siem.org/projects/prelude/wiki/PreludeCorrelator

thanks in advance for any help
Best, Bob

Replies (2)

RE: Prelude Correlator alerts - IDMEF - Added by Antoine LUONG over 8 years ago

Hello,

Correlation alerts are stored in a specific table (Prelude_CorrelationAlert).
From the libprelude standpoint, you can distinguish correlation alerts from other IDMEF messages by looking at the "alert.correlation_alert" path and see if it is null or not.

Regards

RE: Prelude Correlator alerts - IDMEF - Added by Bob Mule over 8 years ago

Thank you!

(1-2/2)

Project

General

Profile