Bug #4885: eve.json remove app-layer specific fields from root object - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4885

closed

eve.json remove app-layer specific fields from root object

Added by Jeff Lucovsky almost 4 years ago. Updated over 3 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

5.0.9

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Description

Running jq 'select(.command)' tests/*/output/eve.json in Suricata-verify gives output containing

{
  "timestamp": "2013-06-17T21:59:47.428041+0000",
  "event_type": "alert",
  "filename": "temp.txt",
  "command": "RETR",
  "app_proto": "ftp-data",
}

where both filename and command should belong to a ftp-data object

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Jeff Lucovsky almost 4 years ago

Copied from Bug #4860: eve.json remove app-layer specific fields from root object added

Actions

Copy link

Updated by Jeff Lucovsky almost 4 years ago

Label deleted (~~Needs backport~~)

Actions

Copy link

Updated by Shivani Bhardwaj over 3 years ago

Status changed from Assigned to Rejected

Reason: highly visible change for a backport

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4885

eve.json remove app-layer specific fields from root object

Updated by Jeff Lucovsky almost 4 years ago

Updated by Jeff Lucovsky almost 4 years ago

Updated by Shivani Bhardwaj over 3 years ago