Project

General

Profile

Actions
Copy link

Task #6463

open

eve/output: investigate how to track coverage / parity

Added by Juliana Fajardini Reichow 6 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:
Outreachy

Description

We want to find a reliable and efficient way to track the outputs that we have on eve, to ensure they're
consistent and that we have everything represented in our JSON schema.

Related issues 3 (3 open0 closed)

Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Documentation #6478: schema: add missing fieldsNewCommunity TicketActions
Related to Suricata - Task #4772: tracking: parity between fields logged and fields available for detectionAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 6 months ago

  • Subject changed from outputs: investigate how to track coverage / parity to eve/output: investigate how to track coverage / parity

This also relates to ensuring that for each protocol, there are no logging discrepancies when we log a field in an alert and in an event, for instance.

Actions
Copy link
 #3

Updated by Victor Julien 6 months ago

Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 5 months ago

  • Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Actions
Copy link

Also available in: Atom PDF