Actions
Bug #6983
closedalert/metadata: no pgsql object encapsulation
Affected Versions:
Effort:
Difficulty:
Label:
Description
When adding a fix for #6092 I didn't take into consideration that the EVE object for pgsql is actually created outside of rs_pgsql_logger, which leads to the alert metadata being created without the pgsql object encapsulation:
"alert": {
"action": "allowed",
"gid": 1,
"signature_id": 1,
"rev": 1,
"signature": "PGSQL Test Rule",
"category": "",
"severity": 3
},
"request": {
"simple_query": "select * from rules where sid = 2021701;"
},
"response": {
"field_count": 10,
"data_rows": 3,
"data_size": 1104,
"command_completed": "SELECT 3"
},
Now, this must to be fixed.
Updated by Juliana Fajardini Reichow 6 months ago
- Subject changed from alert/metadata: no pgsql object created to alert/metadata: no pgsql object encapsulation
Updated by Juliana Fajardini Reichow 6 months ago
- Related to Bug #6092: eve/alert: missing pgsql metadata added
Updated by Juliana Fajardini Reichow 6 months ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/10951
Updated by Juliana Fajardini Reichow 4 months ago
- Status changed from In Review to Resolved
- Label Needs backport to 7.0 added
Merged with https://github.com/OISF/suricata/pull/11253
Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from Resolved to Closed
Actions