Actions
Bug #5814
closedsmb: duplicate interface fields logged
Affected Versions:
Effort:
Difficulty:
Label:
Description
The following tests result in duplicate interface fields being logged:
FAIL: ./tests/smb2-02/output/eve.json: key=interface, equal=True current value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}, new value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}
FAIL: ./tests/smb2-03-rule/output/eve.json: key=interface, equal=True current value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}, new value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}
FAIL: ./tests/smb2-07-frames/output/eve.json: key=interface, equal=True current value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}, new value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}
FAIL: ./tests/smb2-07/output/eve.json: key=interface, equal=True current value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}, new value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}
FAIL: ./tests/dcerpc-smb-test-01/output/eve.json: key=interface, equal=True current value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}, new value={'uuid': '367abb81-9844-35f1-ad32-98f038001003', 'version': '2.0'}
FAIL: ./tests/smb2-08-rule/output/eve.json: key=interface, equal=True current value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}, new value={'uuid': '4b324fc8-1670-01d3-1278-5a47bf6ee188', 'version': '3.0'}
These should probably be put into an array named "interfaces". The curious bit is that the duplicates are equal.
@Eric Leblond Any thoughts there as this will change the structure of the event.
Actions