
snort add more data in alert file

Çağlar Arlı


I want to add more data to the alert file. Right now the data that our analyst team sees is very minimal, and we are not giving them access to our Snort backend server.

Our design is: CentOS /var/log/snort/alert mapped to Kibana. If they want to see more data on attacks, how do we provide it? I thought, why not add packet payload details to the alert file, or a little extra data to the alert, so the analysts can understand and block the IPs?
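The pipeline described above (alert file fed to Kibana) is easier for analysts if each alert line is split into fields before indexing. The parser below is an added example, not from the original post; it assumes the default Snort 2 `alert_fast` line format that `/var/log/snort/alert` uses, handles IPv4 only, and the sample alert lines are constructed.

```python
import json
import re
from collections import Counter
from typing import Optional

# One Snort 2 alert_fast header line, e.g.
# 01/14-10:23:45.123456  [**] [1:2100498:7] MSG [**] [Classification: X] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:49152
# Classification, Priority and ports are optional (ICMP lines carry no ports).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


def parse_alert_line(line: str) -> Optional[dict]:
    """Return a flat record for one alert header line, or None for any other line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["cls"],
        "priority": int(d["prio"]) if d["prio"] else None,
        "proto": d["proto"],
        "src_ip": d["src"], "src_port": int(d["sport"]) if d["sport"] else None,
        "dst_ip": d["dst"], "dst_port": int(d["dport"]) if d["dport"] else None,
    }


def alerts_to_json_lines(text: str) -> list:
    """One JSON document per alert (Kibana-friendly); non-header lines are skipped."""
    return [json.dumps(r) for r in map(parse_alert_line, text.splitlines()) if r]


def source_ip_counts(text: str) -> dict:
    """Alert count per source IP, the first thing an analyst deciding on a block wants."""
    return dict(Counter(r["src_ip"] for r in map(parse_alert_line, text.splitlines()) if r))


# Constructed sample alert file content for this example.
SAMPLE_ALERTS = """\
01/14-10:23:45.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:49152
01/14-10:24:01.000010  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10
"""
```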