Feature #5262: run.py: should tell which fields are mismatching - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5262

open

run.py: should tell which fields are mismatching

Added by Shivani Bhardwaj about 1 year ago. Updated 12 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

Effort:

Difficulty:

Label:

Python

Description

Something like

Sub task 1
----------
        email.to[0]: <recipient@example.com>
        event_type: smtp
        pcap_cnt: 89                                 <---- Mismatch
        proto: TCP 
        smtp.helo: client-1016363.example.int
        tx_id: 0

would be nice since it'll help us see which fields exactly to look at unless the entire event is missing.

Idea proposed by: Victor Julien

History
Property changes

Actions

Copy link

Updated by Shivani Bhardwaj about 1 year ago

Description updated (diff)

Actions

Copy link

Updated by Victor Julien 12 months ago

Assignee changed from Community Ticket to Shivani Bhardwaj

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5262

run.py: should tell which fields are mismatching

Updated by Shivani Bhardwaj about 1 year ago

Updated by Victor Julien 12 months ago