Bug #4860: eve.json remove app-layer specific fields from root object - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4860

closed

PA PA

eve.json remove app-layer specific fields from root object

Bug #4860: eve.json remove app-layer specific fields from root object

Added by Philippe Antoine over 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-beta1

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Running jq 'select(.command)' tests/*/output/eve.json in Suricata-verify gives output containing

{
  "timestamp": "2013-06-17T21:59:47.428041+0000",
  "event_type": "alert",
  "filename": "temp.txt",
  "command": "RETR",
  "app_proto": "ftp-data",
}

where both filename and command should belong to a ftp-data object

Related issues 3 (0 open — 3 closed)

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#1

Related to Feature #1369: eve: json schema added

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#2

Subject changed from eve.json ftp-data in root object to eve.json remove app-layer specific fiels from root object

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#3

This is also true for xff which belongs to HTTP1

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#4

Status changed from New to In Review

https://github.com/OISF/suricata/pull/6658

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#5

Subject changed from eve.json remove app-layer specific fiels from root object to eve.json remove app-layer specific fields from root object

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#6

Copied to Bug #4884: eve.json remove app-layer specific fields from root object added

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#7

Copied to Bug #4885: eve.json remove app-layer specific fields from root object added

PA Updated by Philippe Antoine about 4 years ago Actions
Copy link
#8

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/7148

Actions

Copy link

Also available in: PDF Atom

Related to Suricata - Feature #1369: eve: json schema	Closed	Jason Ish	Actions
Copied to Suricata - Bug #4884: eve.json remove app-layer specific fields from root object	Rejected	Shivani Bhardwaj	Actions
Copied to Suricata - Bug #4885: eve.json remove app-layer specific fields from root object	Rejected	Jeff Lucovsky	Actions

Project

General

Profile

Suricata

Custom queries

Bug #4860

eve.json remove app-layer specific fields from root object

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#1

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#2

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#3

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#4

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#5

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#6

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#7

PA Updated by Philippe Antoine about 4 years ago Actions
Copy link
#8

Project

General

Profile

Suricata

Custom queries

Bug #4860

eve.json remove app-layer specific fields from root object

PA Updated by Philippe Antoine over 4 years ago ActionsCopy link #1

PA Updated by Philippe Antoine over 4 years ago ActionsCopy link #2

PA Updated by Philippe Antoine over 4 years ago ActionsCopy link #3

PA Updated by Philippe Antoine over 4 years ago ActionsCopy link #4

JL Updated by Jeff Lucovsky over 4 years ago ActionsCopy link #5

JL Updated by Jeff Lucovsky over 4 years ago ActionsCopy link #6

JL Updated by Jeff Lucovsky over 4 years ago ActionsCopy link #7

PA Updated by Philippe Antoine about 4 years ago ActionsCopy link #8

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#1

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#2

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#3

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#4

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#5

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#6

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#7

PA Updated by Philippe Antoine about 4 years ago Actions
Copy link
#8