Bug #6983: eve/alert/metadata: no pgsql object encapsulation - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6983

closed

eve/alert/metadata: no pgsql object encapsulation

Added by Juliana Fajardini Reichow over 1 year ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Juliana Fajardini Reichow

Target version:

8.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

When adding a fix for #6092 I didn't take into consideration that the EVE object for pgsql is actually created outside of rs_pgsql_logger, which leads to the alert metadata being created without the pgsql object encapsulation:

  "alert": {
    "action": "allowed",
    "gid": 1,
    "signature_id": 1,
    "rev": 1,
    "signature": "PGSQL Test Rule",
    "category": "",
    "severity": 3
  },
  "request": {
    "simple_query": "select * from rules where sid = 2021701;" 
  },
  "response": {
    "field_count": 10,
    "data_rows": 3,
    "data_size": 1104,
    "command_completed": "SELECT 3" 
  },

Now, this must to be fixed.

Subtasks 1 (0 open — 1 closed)

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6983

eve/alert/metadata: no pgsql object encapsulation

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by Juliana Fajardini Reichow about 1 year ago

Updated by Victor Julien 7 months ago