Feature #5262: run.py: should tell which fields are mismatching - Suricata - Open Information Security Foundation

Feature #5262

Updated by Shivani Bhardwaj over 2 years ago

Something like 

 Sub test #1 

 <pre><code class="yaml"> 
 Sub task 1 
 ---------- 
         dest_ip: 1.2.190.250 
         dest_port: 25 
         email.attachment[0]: J.txt 
         email.from: <sender@example.com> 
         email.status: PARSE_DONE 
         email.to[0]: <recipient@example.com> 
         event_type: smtp 
         pcap_cnt: 89                                         <---- Mismatch 
         proto: TCP  
         smtp.helo: client-1016363.example.int 
         smtp.mail_from: <sender@example.com> 
         smtp.rcpt_to[0]: <recipient@example.com> 
         src_ip: 1.1.205.22 
         src_port: 4053 
         tx_id: 0 

 </code></pre> 

 would be nice since it'll help us see which fields exactly to look at unless the entire event is missing. 

 Idea proposed by: Victor Julien

Back

Project

General

Profile

Suricata

Feature #5262