Feature #7888: add app_proto to all event_type - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7888

open

add app_proto to all event_type

Added by Eric Leblond 7 days ago. Updated 7 days ago.

Status:

In Review

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

There is a regression between Suricata 7 and Suricata 8. The app_proto was logged in almost all events in 7 and is only log in a small subset (fileinfo, flow, frame, netflow) in 8.

This could trigger problem for people who have dashboards or search using this key. Also there is a interest in this information in case of protocol upgrade. For example in the case of TLS, it is useful to know that the TLS session is an upgrade of a previous session to avoid thinking this is an anomaly.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7888

add app_proto to all event_type

Updated by Eric Leblond 7 days ago

Updated by Eric Leblond 7 days ago

Updated by Eric Leblond 7 days ago