Project

General

Profile

Actions
Copy link

Task #6463

open

eve/output: investigate how to track coverage / parity

Added by Juliana Fajardini Reichow over 1 year ago. Updated 19 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Jason Ish
Target version:
TBD
Effort:
Difficulty:
Label:
Outreachy

Description

We want to find a reliable and efficient way to track the outputs that we have on eve, to ensure they're
consistent and that we have everything represented in our JSON schema.

Related issues 4 (4 open0 closed)

Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Documentation #6478: schema: add missing fieldsNewCommunity TicketActions
Related to Suricata - Task #4772: tracking: parity between fields logged and fields available for detectionAssignedVictor JulienActions
Blocks Suricata - Story #6597: rules: improve rules keyword/output parityNewVictor JulienActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow over 1 year ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow over 1 year ago

  • Subject changed from outputs: investigate how to track coverage / parity to eve/output: investigate how to track coverage / parity

This also relates to ensuring that for each protocol, there are no logging discrepancies when we log a field in an alert and in an event, for instance.

Actions
Copy link
 #3

Updated by Victor Julien over 1 year ago

Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow over 1 year ago

  • Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 6 months ago

  • Blocks Story #6597: rules: improve rules keyword/output parity added
Actions
Copy link
 #6

Updated by Victor Julien 19 days ago

  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Jason Ish
Actions
Copy link

Also available in: Atom PDF