Skip to content

Add the import zeek-json command #1259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 6, 2021
Merged

Add the import zeek-json command #1259

merged 5 commits into from
Jan 6, 2021

Conversation

dominiklohmann
Copy link
Member

@dominiklohmann dominiklohmann commented Jan 5, 2021
edited
Loading

📔 Description

This refactors the Suricata selector to be more generic, and makes use of that change to implement a Zeek JSON selector.

📝 Checklist

  • All user-facing changes have changelog entries.
  • The changes are reflected on docs.tenzir.com/vast, if necessary.
  • The PR description contains instructions for the reviewer, if necessary.

🎯 Review Instructions

Commit-by-commit.

Note that this requires a companion PR to the documentation, which we should merge first. Done.

@dominiklohmann dominiklohmann added the feature New functionality label Jan 5, 2021
@dominiklohmann dominiklohmann requested a review from a team January 5, 2021 14:06
@dominiklohmann dominiklohmann mentioned this pull request Jan 5, 2021
Merged
3 tasks
mavam
mavam reviewed Jan 6, 2021
View reviewed changes
Copy link
Member

@mavam mavam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good overall, just a few implementation questions.

@dominiklohmann dominiklohmann requested a review from mavam January 6, 2021 10:05
mavam
mavam approved these changes Jan 6, 2021
View reviewed changes
Copy link
Member

@mavam mavam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested this myself, but the integration tests look sane.

@dominiklohmann
Refactor suricata into generic json field selector
cd15610
@dominiklohmann
Add the import zeek-json command
40e0281
@dominiklohmann
Add missing integration test reference file
e6efe06 
Running with -u creates this file. Although it is not strictly an error
not to have this file, let's just include it so there's no diff at all
when running with -u.
@dominiklohmann
Add changelog entry
a6e126e
@dominiklohmann
Integrate review feedback
0a31430
@dominiklohmann dominiklohmann force-pushed the story/ch21379/corelight-json branch from e6a5cf1 to 0a31430 Compare January 6, 2021 13:24
@dominiklohmann
Copy link
Member Author

I rebased this because of a conflict in the changelog file. No further changes were made.

@dominiklohmann dominiklohmann merged commit 39962c6 into master Jan 6, 2021
@dominiklohmann dominiklohmann deleted the story/ch21379/corelight-json branch January 6, 2021 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mavam mavam mavam approved these changes

Assignees

@mavam mavam

Labels
feature New functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dominiklohmann @mavam