Hi, I am wondering if Suricata is able to capture and store a small piece of the network traffic whenever an alert is triggered? Thank you!
You can already use the payload parts of the event, but with 7.0 conditional pcap logging is planned; see the talk from Eric at SuriCon 2021 (SuriCon 2021 | Boston/Virtual – SURICON).
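As an added illustration of the "payload parts of the event" approach (this is example code, not from the thread or the Suricata project): with `payload: yes` and `packet: yes` enabled under the `alert` output of `eve-log` in suricata.yaml, each alert in eve.json carries the matching payload and the full triggering packet as base64 strings. The script below reads constructed EVE lines (assumed input; real deployments would read `eve.json`), decodes those fields for alert events only, and writes each one to a per-alert file so an analyst can inspect the bytes that fired the rule. Function and file names are my own.

```python
import base64
import binascii
import json
import os
import tempfile

# Constructed EVE JSON lines (not real traffic): one alert carrying base64 payload and
# packet fields, one unrelated flow event, and one malformed line to exercise error handling.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2024-01-01T00:00:00.000000+0000",
        "event_type": "alert",
        "src_ip": "10.0.0.5", "src_port": 40000,
        "dest_ip": "10.0.0.9", "dest_port": 80, "proto": "TCP",
        "alert": {"signature_id": 1000001, "rev": 1,
                  "signature": "EXAMPLE constructed HTTP request to /admin"},
        "payload": base64.b64encode(
            b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n").decode(),
        # A stand-in for the raw frame: 14-byte Ethernet header, IPv4 first byte, padding, then data.
        "packet": base64.b64encode(b"\x00" * 14 + b"\x45" + b"\x00" * 19 + b"GET /admin").decode(),
    }),
    json.dumps({"timestamp": "2024-01-01T00:00:01.000000+0000", "event_type": "flow",
                "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9"}),
    "this line is not JSON",
]


def _decode_b64(value):
    """Return decoded bytes for a base64 string, or None if the field is absent or corrupt."""
    if not value:
        return None
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def extract_alert_payloads(lines):
    """Return a list of dicts describing each alert event that carries decodable payload/packet data.

    Non-alert events and unparsable lines are skipped so one bad line never stops the run.
    """
    results = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        if ev.get("event_type") != "alert":
            continue
        payload = _decode_b64(ev.get("payload"))
        packet = _decode_b64(ev.get("packet"))
        if payload is None and packet is None:
            continue  # alert logged without capture data; nothing to store
        results.append({
            "sid": ev.get("alert", {}).get("signature_id"),
            "timestamp": ev.get("timestamp", ""),
            "src": "%s:%s" % (ev.get("src_ip"), ev.get("src_port")),
            "dst": "%s:%s" % (ev.get("dest_ip"), ev.get("dest_port")),
            "payload": payload,
            "packet": packet,
        })
    return results


def write_alert_captures(records, out_dir):
    """Write payload and packet bytes of each record to out_dir; return the created file paths."""
    os.makedirs(out_dir, exist_ok=True)
    written = []
    for i, rec in enumerate(records):
        # Timestamp characters that are unsafe in file names are replaced.
        stamp = "".join(c if c.isalnum() else "_" for c in rec["timestamp"])
        for kind in ("payload", "packet"):
            data = rec[kind]
            if data is None:
                continue
            path = os.path.join(out_dir, "sid%s_%s_%d.%s.bin" % (rec["sid"], stamp, i, kind))
            with open(path, "wb") as fh:
                fh.write(data)
            written.append(path)
    return written


if __name__ == "__main__":
    recs = extract_alert_payloads(SAMPLE_EVE_LINES)
    out = tempfile.mkdtemp(prefix="suricata_alert_captures_")
    for p in write_alert_captures(recs, out):
        print("wrote", p)
```

Run it against a real `eve.json` by replacing `SAMPLE_EVE_LINES` with the file's lines. This only stores the packet that matched, not surrounding traffic; capturing the rest of the flow is what the conditional pcap logging mentioned above is for.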