Feature #6457
open
eve: configurable list of fields in output
Added by Philippe Antoine over 2 years ago.
Updated 10 days ago.
Description
Suricata should be able to get a schema.json as input:
This schema.json has a reduced number of fields compared to what Suricata can output.
The fields that are absent should not be output by Suricata (for instance we could have everything but dnp3.application.objects)
Related issues
1 (1 open — 0 closed)
- Related to Task #6443: Suricon 2023 brainstorm added
- Tracker changed from Optimization to Feature
- Subject changed from Configurable list of fields in output to eve: configurable list of fields in output
- Priority changed from Normal to Low
Wondering if we want this feature indeed...
- Status changed from New to Assigned