eve/schema: reformat with clang-format

pull/13410/head
Victor Julien 3 months ago committed by Victor Julien
parent 1aaf5cb7d2
commit 17ed70dcb5

@ -989,7 +989,8 @@
"type": "integer"
}
},
"description": "A Secure Shell fingerprint, used to verify the system\u2019s authenticity"
"description":
"A Secure Shell fingerprint, used to verify the system\u2019s authenticity"
},
"ttl": {
"type": "integer"
@ -1087,7 +1088,8 @@
},
"SSHFP": {
"type": "array",
"description": "A Secure Shell fingerprint is used to verify the system\u2019s authenticity",
"description":
"A Secure Shell fingerprint is used to verify the system\u2019s authenticity",
"minItems": 1,
"items": {
"type": "object",
@ -1113,7 +1115,8 @@
}
}
},
"desription": "DNS fields grouped by type: alternative format, no direct keywords",
"desription":
"DNS fields grouped by type: alternative format, no direct keywords",
"suricata": {
"keywords": false
}
@ -1159,7 +1162,8 @@
},
"rrname_truncated": {
"type": "boolean",
"description": "Set to true if the rrname was too long and truncated by Suricata"
"description":
"Set to true if the rrname was too long and truncated by Suricata"
},
"rrtype": {
"type": "string",
@ -1183,7 +1187,8 @@
},
"query": {
"type": "array",
"$comment": "EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
"$comment":
"EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
"minItems": 1,
"items": {
"type": "object",
@ -1864,7 +1869,8 @@
"description": "What triggered the exception"
}
},
"description": "The exception policy(ies) triggered by the flow. Not logged if none was triggered"
"description":
"The exception policy(ies) triggered by the flow. Not logged if none was triggered"
},
"pkts_toclient": {
"type": "integer",
@ -2003,7 +2009,8 @@
},
"host": {
"type": "string",
"$comment": "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
"$comment":
"May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
"description": "the sensor-name, if configured"
},
"http": {
@ -3723,7 +3730,8 @@
},
"password_redacted": {
"type": "boolean",
"description": "indicates if a password message was received but not logged due to Suricata settings"
"description":
"indicates if a password message was received but not logged due to Suricata settings"
},
"process_id": {
"type": "integer"
@ -3981,7 +3989,8 @@
"properties": {
"cyu": {
"type": "array",
"description": "ja3-like fingerprint for versions of QUIC before standardization",
"description":
"ja3-like fingerprint for versions of QUIC before standardization",
"minItems": 1,
"items": {
"type": "object",
@ -4346,12 +4355,14 @@
"email": {
"type": "string",
"optional": true,
"description": "Email address for the person responsible for the conference"
"description":
"Email address for the person responsible for the conference"
},
"encryption_key": {
"type": "string",
"optional": true,
"description": "Field used to convey encryption keys if SDP is used over a secure channel"
"description":
"Field used to convey encryption keys if SDP is used over a secure channel"
},
"media_descriptions": {
"type": "array",
@ -4363,7 +4374,8 @@
"properties": {
"attributes": {
"type": "array",
"description": "A list of attributes specified for a media description",
"description":
"A list of attributes specified for a media description",
"optional": true,
"minItems": 1,
"items": {
@ -4388,7 +4400,8 @@
"encryption_key": {
"type": "string",
"optional": true,
"description": "Field used to convey encryption keys if SDP is used over a secure channel"
"description":
"Field used to convey encryption keys if SDP is used over a secure channel"
},
"media": {
"type": "string",
@ -4397,7 +4410,8 @@
"media_info": {
"type": "string",
"optional": true,
"description": "Media information primarily intended for labelling media streams"
"description":
"Media information primarily intended for labelling media streams"
}
},
"optional": true
@ -4410,7 +4424,8 @@
"phone_number": {
"type": "string",
"optional": true,
"description": "Phone number for the person responsible for the conference"
"description":
"Phone number for the person responsible for the conference"
},
"session_info": {
"type": "string",
@ -4446,7 +4461,8 @@
"timezone": {
"type": "string",
"optional": true,
"description": "Timezone to specify adjustments for times and offsets from the base time"
"description":
"Timezone to specify adjustments for times and offsets from the base time"
},
"uri": {
"type": "string",
@ -4867,7 +4883,8 @@
"additionalProperties": false,
"properties": {
"bittorrent-dht": {
"description": "Errors encountered parsing BitTorrent DHT protocol",
"description":
"Errors encountered parsing BitTorrent DHT protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dcerpc_tcp": {
@ -4934,11 +4951,13 @@
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_tcp": {
"description": "Errors encountered parsing Kerberos v5/TCP protocol",
"description":
"Errors encountered parsing Kerberos v5/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_udp": {
"description": "Errors encountered parsing Kerberos v5/UDP protocol",
"description":
"Errors encountered parsing Kerberos v5/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"ldap_tcp": {
@ -5222,7 +5241,8 @@
"properties": {
"bittorrent-dht": {
"type": "integer",
"description": "Number of transactions for BitTorrent DHT protocol"
"description":
"Number of transactions for BitTorrent DHT protocol"
},
"dcerpc_tcp": {
"type": "integer",
@ -5289,11 +5309,13 @@
},
"krb5_tcp": {
"type": "integer",
"description": "Number of transactions for Kerberos v5/TCP protocol"
"description":
"Number of transactions for Kerberos v5/TCP protocol"
},
"krb5_udp": {
"type": "integer",
"description": "Number of transactions for Kerberos v5/UDP protocol"
"description":
"Number of transactions for Kerberos v5/UDP protocol"
},
"ldap_tcp": {
"type": "integer",
@ -5438,7 +5460,8 @@
"properties": {
"trunc_pkt": {
"type": "integer",
"description": "Number of packets truncated by AF_PACKET"
"description":
"Number of packets truncated by AF_PACKET"
}
}
},
@ -6147,11 +6170,13 @@
},
"max_frags_reached": {
"type": "integer",
"description": "How many times a fragment wasn't stored due to max-frags limit being reached"
"description":
"How many times a fragment wasn't stored due to max-frags limit being reached"
},
"max_trackers_reached": {
"type": "integer",
"description": "How many times a packet wasn't reassembled due to max-trackers limit being reached"
"description":
"How many times a packet wasn't reassembled due to max-trackers limit being reached"
},
"memuse": {
"type": "integer",
@ -6168,11 +6193,13 @@
},
"tracker_hard_reuse": {
"type": "integer",
"description": "Active tracker force closed before completion and reused for new tracker"
"description":
"Active tracker force closed before completion and reused for new tracker"
},
"tracker_soft_reuse": {
"type": "integer",
"description": "Finished tracker re-used from hash table before being moved to spare pool"
"description":
"Finished tracker re-used from hash table before being moved to spare pool"
},
"wrk": {
"type": "object",
@ -6232,7 +6259,8 @@
"properties": {
"blocked_function_errors": {
"type": "integer",
"description": "Counter for Lua scripts failing due to blocked functions being called"
"description":
"Counter for Lua scripts failing due to blocked functions being called"
},
"errors": {
"type": "integer",
@ -6240,7 +6268,8 @@
},
"instruction_limit_errors": {
"type": "integer",
"description": "Count of Lua rules exceeding the instruction limit"
"description":
"Count of Lua rules exceeding the instruction limit"
},
"memory_limit_errors": {
"type": "integer",
@ -6265,36 +6294,42 @@
"app_layer": {
"type": "object",
"error": {
"description": "Consolidated stats on how many times app-layer error exception policy was applied, and which one",
"description":
"Consolidated stats on how many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
}
},
"defrag": {
"type": "object",
"memcap": {
"description": "How many times defrag memcap exception policy was applied, and which one",
"description":
"How many times defrag memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
}
},
"flow": {
"type": "object",
"memcap": {
"description": "How many times flow memcap exception policy was applied, and which one",
"description":
"How many times flow memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
}
},
"tcp": {
"type": "object",
"midstream": {
"description": "How many times midstream exception policy was applied, and which one",
"description":
"How many times midstream exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"ssn_memcap": {
"description": "How many times session memcap exception policy was applied, and which one",
"description":
"How many times session memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"reassembly": {
"description": "How many times reassembly memcap exception policy was applied, and which one",
"description":
"How many times reassembly memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
}
}
@ -6406,23 +6441,28 @@
},
"get_used": {
"type": "integer",
"description": "Number of reused flows from the hash table in case memcap was reached and spare pool was empty"
"description":
"Number of reused flows from the hash table in case memcap was reached and spare pool was empty"
},
"get_used_eval": {
"type": "integer",
"description": "Number of attempts at getting a flow directly from the hash"
"description":
"Number of attempts at getting a flow directly from the hash"
},
"get_used_eval_busy": {
"type": "integer",
"description": "Number of times a flow was found in the hash but the lock for hash bucket could not be obtained"
"description":
"Number of times a flow was found in the hash but the lock for hash bucket could not be obtained"
},
"get_used_eval_reject": {
"type": "integer",
"description": "Number of flows that were evaluated but rejected from reuse as they were still alive/active"
"description":
"Number of flows that were evaluated but rejected from reuse as they were still alive/active"
},
"get_used_failed": {
"type": "integer",
"description": "Number of times retrieval of flow from hash was attempted but was unsuccessful"
"description":
"Number of times retrieval of flow from hash was attempted but was unsuccessful"
},
"icmpv4": {
"type": "integer",
@ -6446,7 +6486,8 @@
"properties": {
"flows_checked": {
"type": "integer",
"description": "number of flows checked for timeout in the last pass"
"description":
"number of flows checked for timeout in the last pass"
},
"flows_evicted": {
"type": "integer",
@ -6454,7 +6495,8 @@
},
"flows_evicted_needs_work": {
"type": "integer",
"description": "number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work"
"description":
"number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work"
},
"flows_notimeout": {
"type": "integer",
@ -6466,7 +6508,8 @@
},
"full_hash_pass": {
"type": "integer",
"description": "number of times a full pass of the hash table was done"
"description":
"number of times a full pass of the hash table was done"
},
"rows_maxlen": {
"type": "integer",
@ -6474,7 +6517,8 @@
},
"rows_per_sec": {
"type": "integer",
"description": "number of rows to be scanned every second by a worker"
"description":
"number of rows to be scanned every second by a worker"
}
}
},
@ -6506,7 +6550,8 @@
},
"tcp_reuse": {
"type": "integer",
"description": "Number of TCP flows that were reused as they seemed to share the same flow tuple"
"description":
"Number of TCP flows that were reused as they seemed to share the same flow tuple"
},
"total": {
"type": "integer",
@ -6701,31 +6746,38 @@
"properties": {
"applayer_error": {
"type": "integer",
"description": "Number of packets dropped due to app-layer error exception policy"
"description":
"Number of packets dropped due to app-layer error exception policy"
},
"applayer_memcap": {
"type": "integer",
"description": "Number of packets dropped due to applayer memcap"
"description":
"Number of packets dropped due to applayer memcap"
},
"decode_error": {
"type": "integer",
"description": "Number of packets dropped due to decoding errors"
"description":
"Number of packets dropped due to decoding errors"
},
"default_app_policy": {
"type": "integer",
"description": "Number of packets dropped due to default app policy"
"description":
"Number of packets dropped due to default app policy"
},
"default_packet_policy": {
"type": "integer",
"description": "Number of packets dropped due to default packet policy"
"description":
"Number of packets dropped due to default packet policy"
},
"defrag_error": {
"type": "integer",
"description": "Number of packets dropped due to defragmentation errors"
"description":
"Number of packets dropped due to defragmentation errors"
},
"defrag_memcap": {
"type": "integer",
"description": "Number of packets dropped due to defrag memcap exception policy"
"description":
"Number of packets dropped due to defrag memcap exception policy"
},
"flow_drop": {
"type": "integer",
@ -6733,7 +6785,8 @@
},
"flow_memcap": {
"type": "integer",
"description": "Number of packets dropped due to flow memcap exception policy"
"description":
"Number of packets dropped due to flow memcap exception policy"
},
"nfq_error": {
"type": "integer",
@ -6745,31 +6798,38 @@
},
"stream_error": {
"type": "integer",
"description": "Number of packets dropped due to invalid TCP stream"
"description":
"Number of packets dropped due to invalid TCP stream"
},
"stream_memcap": {
"type": "integer",
"description": "Number of packets dropped due to stream memcap exception policy"
"description":
"Number of packets dropped due to stream memcap exception policy"
},
"stream_midstream": {
"type": "integer",
"description": "Number of packets dropped due to stream midstream exception policy"
"description":
"Number of packets dropped due to stream midstream exception policy"
},
"stream_reassembly": {
"type": "integer",
"description": "Number of packets dropped due to stream reassembly exception policy"
"description":
"Number of packets dropped due to stream reassembly exception policy"
},
"stream_urgent": {
"type": "integer",
"description": "Number of packets dropped due to TCP urgent flag"
"description":
"Number of packets dropped due to TCP urgent flag"
},
"threshold_detection_filter": {
"type": "integer",
"description": "Number of packets dropped due to threshold detection filter"
"description":
"Number of packets dropped due to threshold detection filter"
},
"tunnel_packet_drop": {
"type": "integer",
"description": "Number of packets dropped due to inner tunnel packet being dropped"
"description":
"Number of packets dropped due to inner tunnel packet being dropped"
}
},
"description": "Number of dropped packets, grouped by drop reason"
@ -6790,7 +6850,8 @@
"properties": {
"pressure": {
"type": "integer",
"description": "Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http"
"description":
"Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http"
},
"pressure_max": {
"type": "integer",
@ -6961,7 +7022,8 @@
},
"tc_urgent_oob_data": {
"type": "integer",
"description": "Number of Out-of-Band bytes sent by server using TCP urgent packets"
"description":
"Number of Out-of-Band bytes sent by server using TCP urgent packets"
},
"tcp_flags": {
"type": "string"
@ -6980,7 +7042,8 @@
},
"ts_urgent_oob_data": {
"type": "integer",
"description": "Number of Out-of-Band bytes sent by client using TCP urgent packets"
"description":
"Number of Out-of-Band bytes sent by client using TCP urgent packets"
},
"urg": {
"type": "boolean"
@ -7413,7 +7476,8 @@
},
"tx_guessed": {
"type": "boolean",
"description": "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect"
"description":
"the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect"
},
"tx_id": {
"type": "integer"
@ -7499,7 +7563,8 @@
},
"rdata_truncated": {
"type": "boolean",
"description": "Set to true if the rdata was too long and truncated by Suricata"
"description":
"Set to true if the rdata was too long and truncated by Suricata"
},
"rrname": {
"type": "string",
@ -7512,7 +7577,8 @@
},
"rrname_truncated": {
"type": "boolean",
"description": "Set to true if the rrname was too long and truncated by Suricata"
"description":
"Set to true if the rrname was too long and truncated by Suricata"
},
"rrtype": {
"type": "string"
@ -7584,7 +7650,8 @@
"description": "Number of errors allocating memory"
},
"exception_policy": {
"description": "How many times app-layer error exception policy was applied, and which one",
"description":
"How many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"gap": {
