Feature #7691
opendetect: explore code embedded relationships between registered keywords
Description
To make it easier to see which keywords relate to each other and how, we discussed encoding the relationships between keywords in the code itself. This would allow an automatically generated, up-to-date map, e.g. in the form of JSON-LD, that could be visualized and inspected with a common visualizer.
Updated by Lukas Sismis 1 day ago
Updated by Lukas Sismis 1 day ago
For example, paste the JSON-LD below into https://json-ld.org/playground/ and click "Visualizer" to see the output:
{ "@context": { "sur": "http://example.org/suricata#", "name": "sur:keywordName", "aliasOf": "sur:aliasOf", "subkeywords": { "@id": "sur:hasSubkeyword", "@container": "@set" }, "appliesTo": "sur:appliesTo", "protocol": "sur:protocol", "direction": "sur:direction", "aliasContext": "sur:aliasContext" }, "@graph": [ { "@id": "sur:Protocols", "name": "Protocols", "subkeywords": [ {"@id": "sur:HTTP"}, {"@id": "sur:FTP"}, {"@id": "sur:TCP"}, {"@id": "sur:SMB"} ] }, { "@id": "sur:Directions", "name": "Directions", "subkeywords": [ {"@id": "sur:toServer"}, {"@id": "sur:toClient"} ] }, { "@id": "sur:HTTP", "name": "http", "protocol": "http", "subkeywords": [ {"@id": "sur:HTTP_Response_Frame"}, {"@id": "sur:HTTP_Request_Body"} ] }, { "@id": "sur:FTP", "name": "ftp", "protocol": "ftp", "subkeywords": [ {"@id": "sur:FTP_FileData"} ] }, { "@id": "sur:TCP", "name": "tcp", "protocol": "tcp" }, { "@id": "sur:SMB", "name": "smb", "protocol": "smb" }, { "@id": "sur:toServer", "name": "toServer", "direction": "toServer" }, { "@id": "sur:toClient", "name": "toClient", "direction": "toClient" }, { "@id": "sur:HTTP_Response_Frame", "name": "http_response_frame", "subkeywords": [ {"@id": "sur:HTTP_Response_Header"} ] }, { "@id": "sur:HTTP_Response_Header", "name": "http.response_header", "appliesTo": "sticky-buffer", "subkeywords": [ {"@id": "sur:HTTP_Response_Line"}, {"@id": "sur:HTTP_Location"}, {"@id": "sur:HTTP_Server"}, {"@id": "sur:HTTP_Content_Type"}, {"@id": "sur:HTTP_Content_Len"}, {"@id": "sur:HTTP_Connection"} ] }, { "@id": "sur:HTTP_Response_Line", "name": "http.response_line", "appliesTo": "header", "subkeywords": [ {"@id": "sur:HTTP_Stat_Code"}, {"@id": "sur:HTTP_Stat_Msg"} ] }, { "@id": "sur:HTTP_Stat_Code", "name": "http.stat_code", "appliesTo": "line" }, { "@id": "sur:HTTP_Stat_Msg", "name": "http.stat_msg", "appliesTo": "line" }, { "@id": "sur:HTTP_Location", "name": "http.location", "appliesTo": "header" }, { "@id": "sur:HTTP_Server", "name": "http.server", 
"appliesTo": "header" }, { "@id": "sur:HTTP_Content_Type", "name": "http.content_type", "appliesTo": "header" }, { "@id": "sur:HTTP_Content_Len", "name": "http.content_len", "appliesTo": "header" }, { "@id": "sur:HTTP_Connection", "name": "http.connection", "appliesTo": "header" }, { "@id": "sur:HTTP_Request_Body", "name": "http.request_body", "appliesTo": "sticky-buffer", "protocol": "http", "aliasOf": [ { "@id": "sur:File_Data", "aliasContext": "http" } ] }, { "@id": "sur:FTP_FileData", "name": "ftp.filedata", "appliesTo": "sticky-buffer", "protocol": "ftp" }, { "@id": "sur:File_Data", "name": "file_data", "appliesTo": "sticky-buffer", "aliasOf": [ {"@id": "sur:HTTP_Request_Body"}, {"@id": "sur:FTP_FileData"} ] } ] }