Project

General

Profile

Actions

Feature #3975

open

Suricata-Verify: Add JSON schema validation to EVE output.

Added by Jason Ish about 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Add a feature, or command that validates all eve.json through a JSON schema. This doesn't have to become part of each test, but is something that could be run after a full run of suricata-verify over all found eve.json files.

Something like this would have caught "fileinfo" being an array in alerts, while an object in "fileinfo" records by having a schema requiring that .fileinfo was an object.


Related issues

Related to Feature #1369: json schemaIn ReviewTharushi JayasekaraActions
Actions #1

Updated by Shivani Bhardwaj about 1 year ago

  • Assignee set to Community Ticket
  • Target version set to QA
Actions #2

Updated by Jason Ish 10 months ago

Actions

Also available in: Atom PDF