Task #6597

Updated by Juliana Fajardini Reichow 5 months ago

For each application layer protocol, the overall process should be: 

 i. document the output of running @src/suricata --list-keyword | grep <app-proto>@ 
 ii. document the output of the complete EVE log for said protocol 
 iii. compare that to the schema.json for the app-proto 
 iv. complete the schema, if needed 
 v. group the documented outputs from steps i. and ii. by type (e.g. integers) 
 vi. list candidates for implementation (either as keywords or missing output fields), and share the list on the adequate ticket, request feedback for that on ticket 
 vii. implement keywords or missing output fields as agreed upon 
 viii. create or update SV tests to cover new fields/keywords 
 ix. document new fields/keywords 

 Deliverables: 
 iv, vii, viii, ix 
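
Steps iii. and v. can be scripted. The following is an added example, not code from this ticket or from the Suricata project: it walks EVE events against a schema and reports fields the schema does not describe, grouped by JSON type. It assumes a schema in the JSON Schema style with nested "properties" and "items"; the @exproto@ protocol, its fields, the schema fragment and the EVE lines are all constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed schema fragment (JSON Schema style: nested "properties",
# "items" for arrays). "exproto" and its fields are hypothetical.
SCHEMA = json.loads("""
{"type": "object", "properties": {
  "event_type": {"type": "string"},
  "exproto": {"type": "object", "properties": {
    "version": {"type": "integer"},
    "method": {"type": "string"},
    "headers": {"type": "array", "items": {"type": "object",
      "properties": {"name": {"type": "string"}}}}}}}}
""")

# Constructed EVE lines: one JSON event per line, as in eve.json.
EVE_LINES = [
    '{"event_type": "exproto", "exproto": {"version": 2, "method": "GET", "retries": 3}}',
    '{"event_type": "exproto", "exproto": {"version": 2, "encrypted": true,'
    ' "headers": [{"name": "a", "value": "b"}]}}',
]

def json_type(value):
    """Map a decoded JSON value to its JSON Schema type name."""
    if isinstance(value, bool):  # check bool first: bool is a subclass of int
        return "boolean"
    for py, name in ((int, "integer"), (float, "number"), (str, "string"),
                     (list, "array"), (dict, "object")):
        if isinstance(value, py):
            return name
    return "null"

def walk(value, schema, path, missing):
    """Descend event and schema together; schema=None means undocumented."""
    if isinstance(value, dict) and value:
        props = (schema or {}).get("properties", {})
        for key, child in value.items():
            walk(child, props.get(key), f"{path}.{key}" if path else key, missing)
    elif isinstance(value, list) and value:
        for item in value:
            walk(item, (schema or {}).get("items"), path + "[]", missing)
    elif schema is None:
        missing[json_type(value)].add(path)

def undocumented_fields(lines, schema):
    """Return {json_type: sorted field paths} logged but absent from schema."""
    missing = defaultdict(set)
    for line in lines:
        walk(json.loads(line), schema, "", missing)
    return {typ: sorted(paths) for typ, paths in missing.items()}
```

The per-type groups it returns are the raw material for the candidate list in step vi.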
