Actions
Bug #4884
closedeve.json remove app-layer specific fields from root object
Affected Versions:
Effort:
Difficulty:
Label:
Description
Running jq 'select(.command)' tests/*/output/eve.json
in Suricata-verify gives output containing
{ "timestamp": "2013-06-17T21:59:47.428041+0000", "event_type": "alert", "filename": "temp.txt", "command": "RETR", "app_proto": "ftp-data", }
where both filename and command should belong to a ftp-data
object
Actions