Skip to content

filescan logs are not tagged with same tags as "source" logs for uploaded PCAP #893

New issue
New issue
Open
Bug
Open
filescan logs are not tagged with same tags as "source" logs for uploaded PCAP#893
Bug
Labels
bugSomething isn't workinglogstashRelating to Malcolm's use of LogstashpipelineRelating to carving (extraction) of files from traffic and the scanning of those files
Milestone
v26.04.0
@mmguero

Description

@mmguero
mmguero
opened on Feb 11, 2026

FOR UPLOADED FILES, filescan logs are not tagged with same tags as "source" logs

Steps to reproduce:

  1. upload foobar.pcap containing some file transfers
  2. filter for tag:foobar (you'll see zeek logs, but not filescan logs)
  3. remove filter (you'll now see the filescan logs)

For "live" files (captured on Hedgehog, etc.) this should be working correctly. It's only for uploaded ones it's an issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workinglogstashRelating to Malcolm's use of LogstashpipelineRelating to carving (extraction) of files from traffic and the scanning of those files

    Type

    Bug

    Fields

    Frequency

    None yet

    Projects

    Malcolm

    Status

    Todo (develop)

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions