Logging Network Firewall Stateful rule logs

0

Maybe I already have an answer in my mind, but still I'll leave this question here.

My team is trying to deploy the AWS native Network Firewall instead of a 3rd-party firewall like Fortinet or Palo Alto for our customer.

So we are currently working on various case scenarios with rules, and what is bugging us is that standard rules, like the rules inside 5-tuple rule groups, seem to have no ability to leave their rule ID or something like that in the log, regardless of whether it is an alert or just a flow.

I'm sure this could be a huge pain in the a@# for the infra/security administrator when they are dealing with troubleshooting some traffic-flow-related issues.

So what I want to know is: is there any hidden CLI option to enable rule IDs, or, again, is a Suricata custom rule the answer?

1 answer
0
Accepted answer

To log custom messages, you can use the "msg" keyword in Suricata rules, see here.

AWS
Vincent
answered 1 year ago
  • Thanks for the answer, another 'V'. I was expecting Suricata to be the only option in this scenario too :)
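As an added illustration (not part of the original thread or of AWS's own tooling), here is how rule identity reaches the logs once you write Suricata-compatible rules: each rule carries a `sid` and a `msg`, and the alert log records carry them as `alert.signature_id` and `alert.signature`, while flow records carry no rule identity at all. The rule lines and log lines below are constructed, and the exact EVE field names are an assumption taken from Suricata's standard alert output.

```python
import json
import re

# Constructed Suricata-compatible rules (not from the thread). A rule with a "sid" and a
# "msg" shows up in alert logs with both; a pass rule generates no alert at all.
RULES = """
alert tcp 10.0.0.0/8 any -> any 22 (msg:"RULE-1001 SSH from VPC"; sid:1001; rev:1;)
drop tcp any any -> any 23 (msg:"RULE-1002 Telnet blocked"; sid:1002; rev:1;)
pass tcp any any -> any 443 (flow:to_server; sid:1003; rev:1;)
"""

SID_RE = re.compile(r'\bsid:\s*(\d+)')
MSG_RE = re.compile(r'msg:\s*"([^"]*)"')


def rules_without_msg(rules_text):
    """Return the sids of rules that lack a msg keyword.

    An alert raised by such a rule carries only its numeric sid, which is hard to
    read during troubleshooting, so flag them before deploying the rule group."""
    missing = []
    for line in rules_text.strip().splitlines():
        sid = SID_RE.search(line)
        if sid and not MSG_RE.search(line):
            missing.append(int(sid.group(1)))
    return missing


# Constructed log lines in the Suricata EVE JSON shape (assumed field names).
ALERT_LOG = [
    '{"event_type":"alert","src_ip":"10.1.2.3","dest_ip":"203.0.113.9","dest_port":22,'
    '"alert":{"action":"allowed","signature_id":1001,"rev":1,"signature":"RULE-1001 SSH from VPC"}}',
    '{"event_type":"alert","src_ip":"10.1.2.4","dest_ip":"203.0.113.9","dest_port":23,'
    '"alert":{"action":"blocked","signature_id":1002,"rev":1,"signature":"RULE-1002 Telnet blocked"}}',
    '{"event_type":"netflow","src_ip":"10.1.2.5","dest_ip":"203.0.113.9","dest_port":443}',
]


def summarize_alerts(lines):
    """Map each alert record to (sid, msg, action); non-alert records are skipped
    because they carry no rule identity."""
    out = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        a = rec["alert"]
        out.append((a["signature_id"], a.get("signature", ""), a["action"]))
    return out
```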
