Project

General

Profile

Story #6597

Updated by Juliana Fajardini Reichow 12 months ago

For each application layer protocol, the overall process should be: 

 i. document the output of running 
 @src/suricata --list-keyword | grep <app-proto>@ 
 ii. document the output of the complete EVE log for said protocol 
 iii. compare that to the schema.json for the app-proto 
 iv. app-proto, and complete the schema, if needed 
 v. iv. group the documented outputs from steps i. and ii. by type (e.g. integers) 
 vi. v. list candidates for implementation (either as keywords or missing output fields), and share the list on the adequate ticket, request feedback for that on ticket 
 vii. vi. implement keywords or missing output fields as agreed upon 
 viii. create or update SV tests to cover new fields/keywords 
 ix. document new fields/keywords 

 Deliverables: 
 iv, vii, viii, ix 

Back