aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/entropy: Clarify when entropy is logged

Browse Source 
Clarify when entropy values are logged and associated with non-alert log
records.
pull/13518/head
Jeff Lucovsky 2 weeks ago committed by Victor Julien
parent cbe621fb09
commit a300df4c4d
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
doc/userguide/rules/payload-keywords.rst
Unescape Escape View File

@ -737,10 +737,11 @@ Logging
~~~~~~~ ~~~~~~~
When the ``entropy`` rule keyword is provided and the rule is evaluated, the When the ``entropy`` rule keyword is provided and the rule is evaluated, the
`calculated entropy` value is logged within the ``metadata`` section of an `calculated entropy` value is associated with the flow even if the calculated
output log. If the alert matched, it will be included there; here's an example entropy value didn't result in a match or alert. Subsequent logging of event
that shows the calculated entropy value with the buffer on which the value was types that include the flow, including alerts, will contain the ``entropy`` value in
computed:: the ``metadata`` section of an output log. The follow is an example that shows
the calculated entropy value with the buffer on which the value was computed::
"metadata": { "metadata": {
"entropy": { "entropy": {

Write Preview
Loading…
Cancel
Save