Project

General

Profile

Actions
Copy link

Documentation #7395

open

engine/analysis: document the output for user friendliness

Added by Juliana Fajardini Reichow 3 months ago. Updated 4 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

While we keep improving and adding to the --engine-analysis output, some of the terms
used there are mostly still just exposing implementation terms.

Document what each means, so that rule writers and users can more easily interpret
engine-analysis reports.

As part of this, document what upstream and downstream mean for the rules/ flowbits dependencies.

Related issues 2 (1 open1 closed)

Related to Suricata - Documentation #7031: userguide: document SignatureProperties sigtypeResolvedJuliana Fajardini ReichowActions
Related to Suricata - Task #7456: engine/analysis: report rule state altered by flowbit ruleClosedJuliana Fajardini ReichowActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 3 months ago

Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 2 months ago

  • Related to Task #7456: engine/analysis: report rule state altered by flowbit rule added
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 4 days ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF