UNITY 360: Issues - http://www.prelude-siem.org/ - updated 2019-11-07T18:40:10Z
Redmine Prewikka - Support #1153 (Assigned): Suricata changes the output from version 4
http://www.prelude-siem.org/issues/1153 - 2019-11-07T18:40:10Z - Andrew Goldy
<p>Hello Guys!</p>
<p>Suricata might have changed the default prelude alert output, because compared to the old 3.x release the alert text was the alert name, for example "ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)", and now the alert text is swapped with the description, for example "Potential Corporate Privacy Violation".<br />Moreover, comparing with Snort, it's confirmed that something was wrong with the alerting output, at least in the case of the Prelude output in Suricata.</p>
<p>Below are real-world examples of the same alert from the Snort and Suricata sides. Both outputs are natively forwarded to Prelude.<br />I've contacted Suricata for months but still no answer... Is there any workaround to swap the two columns for Suricata?</p>
<p><img src="http://www.prelude-siem.org/attachments/download/1184/tempsnip.png" alt="" /></p>
<p>Suricata:</p>
<p><img src="http://www.prelude-siem.org/attachments/download/1186/jzff.PNG" alt="" /></p>
<p>Snort:</p>
<p><img src="http://www.prelude-siem.org/attachments/download/1185/ftzfztfztd.PNG" alt="" /></p>
<p>Many thanks! :)</p>
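<p>The two strings in the report above come from two different places in a Snort/Suricata rule set: the alert name is the rule's <code>msg</code>, while "Potential Corporate Privacy Violation" is the text that <code>classification.config</code> assigns to the <code>policy-violation</code> classtype. The following script is an added example, not code from the issue, from Suricata or from Prelude: it parses a constructed rule and classification line, builds the name/description pair as Snort reports it, and applies a post-processing check that detects a record whose name is really a classification description and swaps the two fields back. The record layout (a dict with <code>text</code>, <code>description</code> and <code>priority</code> keys) is an assumption for illustration and does not reflect any IDMEF field names.</p>

```python
import re

# Constructed sample inputs (not taken from the issue page): one ET-style rule
# and two lines in the format of a Snort/Suricata classification.config.
SAMPLE_RULE = (
    'alert tls $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)"; '
    'classtype:policy-violation; sid:1000001; rev:1;)'
)
SAMPLE_CLASSIFICATION_CONFIG = """\
# classification.config excerpt (constructed for this example)
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: trojan-activity,A Network Trojan was detected,1
"""

RULE_MSG_RE = re.compile(r'msg:"((?:[^"\\]|\\.)*)"')
RULE_CLASSTYPE_RE = re.compile(r'classtype:([^;]+);')
CLASS_LINE_RE = re.compile(r'^config classification:\s*([^,]+),([^,]+),(\d+)\s*$')


def parse_classification_config(text):
    """Return {classtype: (description, priority)} from classification.config lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = CLASS_LINE_RE.match(line)
        if m:
            table[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return table


def expected_alert_fields(rule, class_table):
    """Name/description pair as Snort reports it: name = rule msg,
    description = the classtype's text from classification.config."""
    msg = RULE_MSG_RE.search(rule).group(1)
    classtype = RULE_CLASSTYPE_RE.search(rule).group(1).strip()
    description, priority = class_table.get(classtype, (classtype, 0))
    # Hypothetical record layout, assumed for this example only.
    return {"text": msg, "description": description, "priority": priority}


def unswap_alert(alert, class_table):
    """Workaround check: if 'text' is one of the known classification
    descriptions and 'description' is not, the two fields arrived swapped.
    Returns (corrected_record, was_swapped)."""
    descriptions = {desc for desc, _ in class_table.values()}
    if alert["text"] in descriptions and alert["description"] not in descriptions:
        fixed = dict(alert, text=alert["description"], description=alert["text"])
        return fixed, True
    return dict(alert), False


if __name__ == "__main__":
    table = parse_classification_config(SAMPLE_CLASSIFICATION_CONFIG)
    snort_like = expected_alert_fields(SAMPLE_RULE, table)
    # Simulate the swapped layout described in the issue.
    suricata_like = dict(snort_like, text=snort_like["description"],
                         description=snort_like["text"])
    print("as reported:", suricata_like)
    print("after unswap:", unswap_alert(suricata_like, table))
```

<p>The swap check keys on the exact set of descriptions loaded from the classification file, so it only touches records whose name matches one of those strings and whose description does not; a rule whose <code>msg</code> happens to equal a classification description would be left alone rather than swapped twice.</p>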