How to reference events across log files #19

Closed
1computerguy opened this issue Dec 10, 2020 · 1 comment

Comments

@1computerguy

Is there currently a method to reference correlated events across log output files? I know Zeek adds a UID field to correlate events across various files; is there a similar method with NetCap to do the same thing?

@dreadl0ck
Owner

Not implemented at the moment, but will consider adding this to the next major release.

Flow and Connection types have a UID, but it's not set on derived audit records yet.

Will likely also switch to their community-id-spec (https://github.com/corelight/community-id-spec) for the Connection UIDs.

Thanks for the heads up!
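
The Community ID scheme mentioned in the reply above, as an added Go example that is not NetCap's code or part of the original thread: it computes a version 1 ID and uses it to join records from two logs, which is the cross-file correlation the issue asks about. The `Record` type, the `Correlate` function and the sample records are constructed for illustration; seed 0 and TCP (protocol 6) are assumed, and the ICMP type/code mapping is left out.

```go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/netip"
)

// CommunityIDv1 covers port-based protocols (TCP, UDP, SCTP); ICMP is omitted.
func CommunityIDv1(seed uint16, proto uint8, src, dst netip.Addr, sport, dport uint16) string {
	src, dst = src.Unmap(), dst.Unmap() // IPv4 hashes as 4 bytes, IPv6 as 16
	if c := src.Compare(dst); c > 0 || (c == 0 && sport > dport) {
		src, dst, sport, dport = dst, src, dport, sport // smaller endpoint first
	}
	buf := []byte{byte(seed >> 8), byte(seed)} // integers in network byte order
	buf = append(append(buf, src.AsSlice()...), dst.AsSlice()...)
	buf = append(buf, proto, 0, byte(sport>>8), byte(sport), byte(dport>>8), byte(dport))
	sum := sha1.Sum(buf)
	return "1:" + base64.StdEncoding.EncodeToString(sum[:])
}

type Record struct { // hypothetical audit record for this example, not a NetCap type
	Log, Src, Dst string
	SPort, DPort  uint16
}

// Correlate groups TCP records from different logs under their Community ID.
func Correlate(recs []Record) map[string][]string {
	out := map[string][]string{}
	for _, r := range recs {
		src, err1 := netip.ParseAddr(r.Src)
		dst, err2 := netip.ParseAddr(r.Dst)
		if err1 != nil || err2 != nil {
			continue // skip records without parsable addresses
		}
		id := CommunityIDv1(0, 6, src, dst, r.SPort, r.DPort)
		out[id] = append(out[id], r.Log)
	}
	return out
}

func main() { // constructed records: one flow seen in two logs, plus an unrelated flow
	fmt.Println(Correlate([]Record{
		{"Connection", "10.0.0.5", "192.0.2.10", 49152, 80},
		{"HTTP", "192.0.2.10", "10.0.0.5", 80, 49152},
		{"Connection", "10.0.0.6", "192.0.2.10", 49153, 443},
	}))
}
```

Because the endpoints are ordered before hashing, the request and response directions of a flow map to the same ID, so any tool that emits the same scheme with the same seed can be joined on that value.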
