From: Michael Tremer
Date: Tue, 3 Feb 2026 18:16:51 +0000 (+0000)
Subject: reporter: Add more event data into the email headers
X-Git-Tag: 0.7~6
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=16d94966df609e21dc768c26ce6affb22866c5ff;p=suricata-reporter.git
reporter: Add more event data into the email headers
Signed-off-by: Michael Tremer
---
diff --git a/src/suricata-reporter.in b/src/suricata-reporter.in
index 5bddf6a..28b55bc 100644
--- a/src/suricata-reporter.in
+++ b/src/suricata-reporter.in
@@ -385,8 +385,9 @@ class Reporter(object):
 # Generate a Message ID
 msg.add_header("Message-ID", email.utils.make_msgid())
- # Add the severity as a header for email filtering
- msg.add_header("X-Alert-Severity", "%s" % event.alert_severity)
+ # Add any custom event headers
+ for key, value in event.headers:
+ msg.add_header(key, value)
 # Compose the content
 content = [
@@ -579,6 +580,35 @@ class Event(object):
 return " ".join(s)
+ @property
+ def headers(self):
+ """
+ Returns headers that will be included in the email
+ """
+ # Type
+ yield "X-Event-Type", self.type
+
+ # Alert Stuff
+ if self.is_alert():
+ yield "X-Event-Alert-GID", "%s" % self.alert_gid
+ yield "X-Event-Alert-SID", "%s" % self.alert_signature_id
+ yield "X-Event-Alert-Rev", "%s" % self.alert_rev
+
+ # Signature
+ yield "X-Event-Signature", self.alert_signature
+
+ # Category
+ yield "X-Event-Category", self.alert_category
+
+ # Severity
+ yield "X-Event-Severity", "%s" % self.alert_severity
+
+ # Protocol
+ yield "X-Event-Protocol", self.protocol
+
+ # Application Protocol
+ yield "X-Event-Application-Protocol", self.app_protocol
+
 def dump(self):
 """
 Dumps any relevant fields of this event in a human-readable way
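Review bot: In the `Reporter` hunk the `X-Alert-Severity` header is removed and nothing is emitted under that name any more; severity now appears only as `X-Event-Severity` from `Event.headers`. The removed comment says the header existed for email filtering, so recipient rules that match `X-Alert-Severity` would stop matching after an upgrade without any error, and high-severity alerts could end up unsorted. Consider emitting the old name alongside the new one for a release, e.g. `yield "X-Alert-Severity", "%s" % self.alert_severity` next to the `X-Event-Severity` line, or calling the rename out in the release notes. The method containing this loop starts and ends outside the hunk.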
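Review bot: In the `Event.headers` hunk, `self.type`, `self.alert_signature`, `self.alert_category`, `self.protocol` and `self.app_protocol` are yielded as-is and reach `msg.add_header()` without a `None` check or any handling of line breaks. Those accessors are defined outside this hunk, so whether they can return `None` or text containing CR/LF is not visible here; signature and category text comes from rule files, which are often third-party. Depending on the message class and Python version, a line break in a header value either makes serialisation fail, so the report is never sent, or produces a malformed header block. Normalising once in the consuming loop covers every header: `if value is None: continue` followed by `msg.add_header(key, " ".join(("%s" % value).split()))`.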