Feature #5262: run.py: should tell which fields are mismatching - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5262

open

run.py: should tell which fields are mismatching

Added by Shivani Bhardwaj about 2 years ago. Updated 4 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

Effort:

Difficulty:

Label:

Python

Description

Something like

Sub task 1
----------
        email.to[0]: <recipient@example.com>
        event_type: smtp
        pcap_cnt: 89                                 <---- Mismatch
        proto: TCP 
        smtp.helo: client-1016363.example.int
        tx_id: 0

would be nice since it'll help us see which fields exactly to look at unless the entire event is missing.

Idea proposed by: Victor Julien

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5262

run.py: should tell which fields are mismatching

Updated by Shivani Bhardwaj about 2 years ago

Updated by Victor Julien almost 2 years ago

Updated by Shivani Bhardwaj 4 months ago