Task #6463
closed
eve/output: investigate how to track coverage / parity
Added by Juliana Fajardini Reichow almost 2 years ago.
Updated about 5 hours ago.
Description
We want to find a reliable and efficient way to track the outputs that we have on eve, to ensure they're
consistent and that we have everything represented in our JSON schema.
Related issues
4 (4 open — 0 closed)
- Related to Task #6443: Suricon 2023 brainstorm added
- Subject changed from outputs: investigate how to track coverage / parity to eve/output: investigate how to track coverage / parity
This also relates to ensuring that for each protocol, there are no logging discrepancies when we log a field in an alert and in an event, for instance.
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
- Blocks Story #6597: rules: improve rules keyword/output parity added
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jason Ish
- Blocks deleted (Story #6597: rules: improve rules keyword/output parity)
- Related to Story #7901: 9.0.0: rules: improve rules keyword/output parity added
- Status changed from In Progress to Closed
- Target version deleted (TBD)