Bug #4860: eve.json remove app-layer specific fields from root object - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4860

closed

eve.json remove app-layer specific fields from root object

Added by Philippe Antoine almost 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-beta1

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Running jq 'select(.command)' tests/*/output/eve.json in Suricata-verify gives output containing

{
  "timestamp": "2013-06-17T21:59:47.428041+0000",
  "event_type": "alert",
  "filename": "temp.txt",
  "command": "RETR",
  "app_proto": "ftp-data",
}

where both filename and command should belong to a ftp-data object

Related issues 3 (0 open — 3 closed)

Actions

Copy link

Updated by Philippe Antoine almost 4 years ago

Related to Feature #1369: eve: json schema added

Actions

Copy link

Updated by Philippe Antoine almost 4 years ago

Subject changed from eve.json ftp-data in root object to eve.json remove app-layer specific fiels from root object

Actions

Copy link

Updated by Philippe Antoine almost 4 years ago

This is also true for xff which belongs to HTTP1

Actions

Copy link

Updated by Philippe Antoine almost 4 years ago

Status changed from New to In Review

https://github.com/OISF/suricata/pull/6658

Actions

Copy link

Updated by Jeff Lucovsky almost 4 years ago

Subject changed from eve.json remove app-layer specific fiels from root object to eve.json remove app-layer specific fields from root object

Actions

Copy link

Updated by Jeff Lucovsky almost 4 years ago

Copied to Bug #4884: eve.json remove app-layer specific fields from root object added

Actions

Copy link

Updated by Jeff Lucovsky almost 4 years ago

Copied to Bug #4885: eve.json remove app-layer specific fields from root object added

Actions

Copy link

Updated by Philippe Antoine over 3 years ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/7148

Actions

Copy link

Also available in: Atom PDF

Related to Suricata - Feature #1369: eve: json schema	Closed	Jason Ish	Actions
Copied to Suricata - Bug #4884: eve.json remove app-layer specific fields from root object	Rejected	Shivani Bhardwaj	Actions
Copied to Suricata - Bug #4885: eve.json remove app-layer specific fields from root object	Rejected	Jeff Lucovsky	Actions

Project

General

Profile

Suricata

Custom queries

Bug #4860

eve.json remove app-layer specific fields from root object

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Philippe Antoine over 3 years ago