Prewikka - Support #1153: Suricata changes the output from version 4
http://www.prelude-siem.org/issues/1153?journal_id=5919
2019-11-08T09:12:47Z, Camille GARDET (camille.gardet@csnovidys.com)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Andrew Goldy</i></li></ul><p>Hello Andrew,</p>
<p>Thank you for reporting this.<br />In this case, it is the alert from Snort where the <em>classification.text</em> and the <em>description</em> are swapped. In the IDMEF format (and philosophy), the field <em>classification.text</em> should be as generic as possible, to ease the correlation.</p>
<p>We changed this behavior in Suricata through this PR <a class="external" href="https://github.com/OISF/suricata/pull/3253">https://github.com/OISF/suricata/pull/3253</a> on GitHub.<br />If you are able to contribute to the Snort project by submitting a patch, it would be great. If not, we will look into it :)</p>