Feature #8128: rules/transform: add json_decode transform - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8128

open

rules/transform: add json_decode transform

Added by Philippe Antoine 25 days ago. Updated 6 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

Like url_decode but for "\u003f", and also remove white spaces...

Files

backslash-u-json.pcap (1.15 KB) backslash-u-json.pcap

Philippe Antoine, 12/08/2025 09:22 PM

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 25 days ago

Related to Task #8123: Suricon 2025 Brainstorm added

Actions

Copy link

Updated by Victor Julien 22 days ago

Subject changed from Transform: json decode to rules/transform: add json_decode transform

Could be prototyped using Lua transform.

Actions

Copy link

Updated by Philippe Antoine 6 days ago

File backslash-u-json.pcap backslash-u-json.pcap added

Pcap courtesy of Ron Bowes after his Suricon talk

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #8128

rules/transform: add json_decode transform

Updated by Philippe Antoine 25 days ago

Updated by Victor Julien 22 days ago

Updated by Philippe Antoine 6 days ago