aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/entropy: Clarify when entropy is logged

Browse Source 
Clarify when entropy values are logged and associated with non-alert log
records.
pull/13518/head
Jeff Lucovsky 2 weeks ago committed by Victor Julien
parent cbe621fb09
commit a300df4c4d
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
doc/userguide/rules/payload-keywords.rst
Unescape Escape View File

@ -737,10 +737,11 @@ Logging
~~~~~~~
When the ``entropy`` rule keyword is provided and the rule is evaluated, the
`calculated entropy` value is logged within the ``metadata`` section of an
output log. If the alert matched, it will be included there; here's an example
that shows the calculated entropy value with the buffer on which the value was
computed::
`calculated entropy` value is associated with the flow even if the calculated
entropy value didn't result in a match or alert. Subsequent logging of event
types that include the flow, including alerts, will contain the ``entropy`` value in
the ``metadata`` section of an output log. The follow is an example that shows
the calculated entropy value with the buffer on which the value was computed::
"metadata": {
"entropy": {

Write Preview
Loading…
Cancel
Save