Payload logging

Hello. Does anyone know why Suricata doesn’t include the packet payload in the alerts and events? I was testing OSSIM AlienVault that has Suricata as NIDS and it does include the payload. Could it be that the version of Suricata used in OSSIM is different from the official one?

Payload logging is disabled by default, but can easily be turned on:

https://docs.suricata.io/en/suricata-7.0.2/output/eve/eve-json-output.html#alerts

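The setting the answer points to, shown as an added example that is not part of the original posts: in `suricata.yaml`, the payload options sit under the `alert` type of the `eve-log` output and are commented out by default. The filename and buffer size below are sample values.

```yaml
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json            # sample value
      types:
        - alert:
            payload: yes              # payload as Base64 in the "payload" field
            payload-buffer-size: 4kb  # maximum payload bytes written per alert (sample value)
            payload-printable: yes    # lossy printable copy in "payload_printable"
            packet: yes               # the triggering packet as Base64 in "packet"
```

With these options on, `eve.json` can contain credentials and other sensitive content captured from the wire, so restrict access to the file and to anything it is forwarded to.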