Suricata

@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?

Philippe Antoine wrote in #note-6:

@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?

No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?

Juliana Fajardini Reichow wrote in #note-7:

No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?

I think you do not need events for this.

You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details

Philippe Antoine wrote in #note-8:

Juliana Fajardini Reichow wrote in #note-7:

No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?

I think you do not need events for this.

You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details

But would that work without detection capabilities for pgsql? :/

I guess so : there is no tftp keyword

Philippe Antoine wrote in #note-10:

I guess so : there is no tftp keyword

Thanks, I was trying and my tests were failing, but turns out that I (once again) had forgotten to add alert event types to my EVE logs ;_;

Philippe Antoine wrote in #note-10:

I guess so : there is no tftp keyword

Philippe Antoine wrote in #note-6:

@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?

Does this work? https://github.com/OISF/suricata-verify/pull/1796

Looking good, will review it there