Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verdict eve field - 6.0.x backports - v1 #9303

Closed
wants to merge 4 commits into from
Closed

verdict eve field - 6.0.x backports - v1 #9303

wants to merge 4 commits into from

Conversation

jufajardini
Copy link
Contributor

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5794

Describe changes:

  • bring verdict changes to 60x
  • bring PacketCheckAction function (but not all the other changes from the commit from it)
  • add sections about ike, modbus and DHCP (noticed they were missing when I backported commit with doc changes)
SV_BRANCH=pr/1336

OISF/suricata-verify#1336

@jufajardini
output/alert: add verdict field
2fe5322 
Related to
Bug OISF#5464

(cherry picked from commit 53b8def)
@jufajardini
output/drop: add verdict field
0fd249d 
Related to
Bug OISF#5464

(cherry picked from commit 0437173)
@jufajardini
userguide/eve: format and reorganize alert section
2edfa46 
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.

(cherry picked from commit 9900bdc)
@jufajardini
userguide: add sections about missing appprotos
332ed50 
The section about eve json format was missing IKE, Modbus and DHCP
sections.
@jufajardini jufajardini requested review from norg and a team as code owners July 28, 2023 19:17
@jufajardini jufajardini mentioned this pull request Jul 28, 2023
Closed
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 15417

victorjulien
victorjulien reviewed Jul 29, 2023
View reviewed changes
doc/userguide/output/eve/eve-json-format.rst

::

"modbus": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pretty sure we don't have modbus events in 6. Please review each type/field in this commit

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies, I should have checked the suricata.yaml file in the outputs section. Instead, I checked if there was modbus support, in general...

@jufajardini
Copy link
Contributor Author

Replaced by: #9309

@jufajardini jufajardini deleted the backports-verdict/v1 branch August 2, 2023 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@norg norg Awaiting requested review from norg norg is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@jufajardini @suricata-qa @victorjulien