eve/schema: reformat with clang-format

pull/13410/head
Victor Julien 3 months ago committed by Victor Julien
parent 1aaf5cb7d2
commit 17ed70dcb5

@ -989,7 +989,8 @@
"type": "integer" "type": "integer"
} }
}, },
"description": "A Secure Shell fingerprint, used to verify the system\u2019s authenticity" "description":
"A Secure Shell fingerprint, used to verify the system\u2019s authenticity"
}, },
"ttl": { "ttl": {
"type": "integer" "type": "integer"
@ -1087,7 +1088,8 @@
}, },
"SSHFP": { "SSHFP": {
"type": "array", "type": "array",
"description": "A Secure Shell fingerprint is used to verify the system\u2019s authenticity", "description":
"A Secure Shell fingerprint is used to verify the system\u2019s authenticity",
"minItems": 1, "minItems": 1,
"items": { "items": {
"type": "object", "type": "object",
@ -1113,7 +1115,8 @@
} }
} }
}, },
"desription": "DNS fields grouped by type: alternative format, no direct keywords", "desription":
"DNS fields grouped by type: alternative format, no direct keywords",
"suricata": { "suricata": {
"keywords": false "keywords": false
} }
@ -1159,7 +1162,8 @@
}, },
"rrname_truncated": { "rrname_truncated": {
"type": "boolean", "type": "boolean",
"description": "Set to true if the rrname was too long and truncated by Suricata" "description":
"Set to true if the rrname was too long and truncated by Suricata"
}, },
"rrtype": { "rrtype": {
"type": "string", "type": "string",
@ -1183,7 +1187,8 @@
}, },
"query": { "query": {
"type": "array", "type": "array",
"$comment": "EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.", "$comment":
"EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
"minItems": 1, "minItems": 1,
"items": { "items": {
"type": "object", "type": "object",
@ -1864,7 +1869,8 @@
"description": "What triggered the exception" "description": "What triggered the exception"
} }
}, },
"description": "The exception policy(ies) triggered by the flow. Not logged if none was triggered" "description":
"The exception policy(ies) triggered by the flow. Not logged if none was triggered"
}, },
"pkts_toclient": { "pkts_toclient": {
"type": "integer", "type": "integer",
@ -2003,7 +2009,8 @@
}, },
"host": { "host": {
"type": "string", "type": "string",
"$comment": "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919", "$comment":
"May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
"description": "the sensor-name, if configured" "description": "the sensor-name, if configured"
}, },
"http": { "http": {
@ -3723,7 +3730,8 @@
}, },
"password_redacted": { "password_redacted": {
"type": "boolean", "type": "boolean",
"description": "indicates if a password message was received but not logged due to Suricata settings" "description":
"indicates if a password message was received but not logged due to Suricata settings"
}, },
"process_id": { "process_id": {
"type": "integer" "type": "integer"
@ -3981,7 +3989,8 @@
"properties": { "properties": {
"cyu": { "cyu": {
"type": "array", "type": "array",
"description": "ja3-like fingerprint for versions of QUIC before standardization", "description":
"ja3-like fingerprint for versions of QUIC before standardization",
"minItems": 1, "minItems": 1,
"items": { "items": {
"type": "object", "type": "object",
@ -4346,12 +4355,14 @@
"email": { "email": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Email address for the person responsible for the conference" "description":
"Email address for the person responsible for the conference"
}, },
"encryption_key": { "encryption_key": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Field used to convey encryption keys if SDP is used over a secure channel" "description":
"Field used to convey encryption keys if SDP is used over a secure channel"
}, },
"media_descriptions": { "media_descriptions": {
"type": "array", "type": "array",
@ -4363,7 +4374,8 @@
"properties": { "properties": {
"attributes": { "attributes": {
"type": "array", "type": "array",
"description": "A list of attributes specified for a media description", "description":
"A list of attributes specified for a media description",
"optional": true, "optional": true,
"minItems": 1, "minItems": 1,
"items": { "items": {
@ -4388,7 +4400,8 @@
"encryption_key": { "encryption_key": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Field used to convey encryption keys if SDP is used over a secure channel" "description":
"Field used to convey encryption keys if SDP is used over a secure channel"
}, },
"media": { "media": {
"type": "string", "type": "string",
@ -4397,7 +4410,8 @@
"media_info": { "media_info": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Media information primarily intended for labelling media streams" "description":
"Media information primarily intended for labelling media streams"
} }
}, },
"optional": true "optional": true
@ -4410,7 +4424,8 @@
"phone_number": { "phone_number": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Phone number for the person responsible for the conference" "description":
"Phone number for the person responsible for the conference"
}, },
"session_info": { "session_info": {
"type": "string", "type": "string",
@ -4446,7 +4461,8 @@
"timezone": { "timezone": {
"type": "string", "type": "string",
"optional": true, "optional": true,
"description": "Timezone to specify adjustments for times and offsets from the base time" "description":
"Timezone to specify adjustments for times and offsets from the base time"
}, },
"uri": { "uri": {
"type": "string", "type": "string",
@ -4867,7 +4883,8 @@
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"bittorrent-dht": { "bittorrent-dht": {
"description": "Errors encountered parsing BitTorrent DHT protocol", "description":
"Errors encountered parsing BitTorrent DHT protocol",
"$ref": "#/$defs/stats_applayer_error" "$ref": "#/$defs/stats_applayer_error"
}, },
"dcerpc_tcp": { "dcerpc_tcp": {
@ -4934,11 +4951,13 @@
"$ref": "#/$defs/stats_applayer_error" "$ref": "#/$defs/stats_applayer_error"
}, },
"krb5_tcp": { "krb5_tcp": {
"description": "Errors encountered parsing Kerberos v5/TCP protocol", "description":
"Errors encountered parsing Kerberos v5/TCP protocol",
"$ref": "#/$defs/stats_applayer_error" "$ref": "#/$defs/stats_applayer_error"
}, },
"krb5_udp": { "krb5_udp": {
"description": "Errors encountered parsing Kerberos v5/UDP protocol", "description":
"Errors encountered parsing Kerberos v5/UDP protocol",
"$ref": "#/$defs/stats_applayer_error" "$ref": "#/$defs/stats_applayer_error"
}, },
"ldap_tcp": { "ldap_tcp": {
@ -5222,7 +5241,8 @@
"properties": { "properties": {
"bittorrent-dht": { "bittorrent-dht": {
"type": "integer", "type": "integer",
"description": "Number of transactions for BitTorrent DHT protocol" "description":
"Number of transactions for BitTorrent DHT protocol"
}, },
"dcerpc_tcp": { "dcerpc_tcp": {
"type": "integer", "type": "integer",
@ -5289,11 +5309,13 @@
}, },
"krb5_tcp": { "krb5_tcp": {
"type": "integer", "type": "integer",
"description": "Number of transactions for Kerberos v5/TCP protocol" "description":
"Number of transactions for Kerberos v5/TCP protocol"
}, },
"krb5_udp": { "krb5_udp": {
"type": "integer", "type": "integer",
"description": "Number of transactions for Kerberos v5/UDP protocol" "description":
"Number of transactions for Kerberos v5/UDP protocol"
}, },
"ldap_tcp": { "ldap_tcp": {
"type": "integer", "type": "integer",
@ -5438,7 +5460,8 @@
"properties": { "properties": {
"trunc_pkt": { "trunc_pkt": {
"type": "integer", "type": "integer",
"description": "Number of packets truncated by AF_PACKET" "description":
"Number of packets truncated by AF_PACKET"
} }
} }
}, },
@ -6147,11 +6170,13 @@
}, },
"max_frags_reached": { "max_frags_reached": {
"type": "integer", "type": "integer",
"description": "How many times a fragment wasn't stored due to max-frags limit being reached" "description":
"How many times a fragment wasn't stored due to max-frags limit being reached"
}, },
"max_trackers_reached": { "max_trackers_reached": {
"type": "integer", "type": "integer",
"description": "How many times a packet wasn't reassembled due to max-trackers limit being reached" "description":
"How many times a packet wasn't reassembled due to max-trackers limit being reached"
}, },
"memuse": { "memuse": {
"type": "integer", "type": "integer",
@ -6168,11 +6193,13 @@
}, },
"tracker_hard_reuse": { "tracker_hard_reuse": {
"type": "integer", "type": "integer",
"description": "Active tracker force closed before completion and reused for new tracker" "description":
"Active tracker force closed before completion and reused for new tracker"
}, },
"tracker_soft_reuse": { "tracker_soft_reuse": {
"type": "integer", "type": "integer",
"description": "Finished tracker re-used from hash table before being moved to spare pool" "description":
"Finished tracker re-used from hash table before being moved to spare pool"
}, },
"wrk": { "wrk": {
"type": "object", "type": "object",
@ -6232,7 +6259,8 @@
"properties": { "properties": {
"blocked_function_errors": { "blocked_function_errors": {
"type": "integer", "type": "integer",
"description": "Counter for Lua scripts failing due to blocked functions being called" "description":
"Counter for Lua scripts failing due to blocked functions being called"
}, },
"errors": { "errors": {
"type": "integer", "type": "integer",
@ -6240,7 +6268,8 @@
}, },
"instruction_limit_errors": { "instruction_limit_errors": {
"type": "integer", "type": "integer",
"description": "Count of Lua rules exceeding the instruction limit" "description":
"Count of Lua rules exceeding the instruction limit"
}, },
"memory_limit_errors": { "memory_limit_errors": {
"type": "integer", "type": "integer",
@ -6265,36 +6294,42 @@
"app_layer": { "app_layer": {
"type": "object", "type": "object",
"error": { "error": {
"description": "Consolidated stats on how many times app-layer error exception policy was applied, and which one", "description":
"Consolidated stats on how many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
} }
}, },
"defrag": { "defrag": {
"type": "object", "type": "object",
"memcap": { "memcap": {
"description": "How many times defrag memcap exception policy was applied, and which one", "description":
"How many times defrag memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
} }
}, },
"flow": { "flow": {
"type": "object", "type": "object",
"memcap": { "memcap": {
"description": "How many times flow memcap exception policy was applied, and which one", "description":
"How many times flow memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
} }
}, },
"tcp": { "tcp": {
"type": "object", "type": "object",
"midstream": { "midstream": {
"description": "How many times midstream exception policy was applied, and which one", "description":
"How many times midstream exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
}, },
"ssn_memcap": { "ssn_memcap": {
"description": "How many times session memcap exception policy was applied, and which one", "description":
"How many times session memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
}, },
"reassembly": { "reassembly": {
"description": "How many times reassembly memcap exception policy was applied, and which one", "description":
"How many times reassembly memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
} }
} }
@ -6406,23 +6441,28 @@
}, },
"get_used": { "get_used": {
"type": "integer", "type": "integer",
"description": "Number of reused flows from the hash table in case memcap was reached and spare pool was empty" "description":
"Number of reused flows from the hash table in case memcap was reached and spare pool was empty"
}, },
"get_used_eval": { "get_used_eval": {
"type": "integer", "type": "integer",
"description": "Number of attempts at getting a flow directly from the hash" "description":
"Number of attempts at getting a flow directly from the hash"
}, },
"get_used_eval_busy": { "get_used_eval_busy": {
"type": "integer", "type": "integer",
"description": "Number of times a flow was found in the hash but the lock for hash bucket could not be obtained" "description":
"Number of times a flow was found in the hash but the lock for hash bucket could not be obtained"
}, },
"get_used_eval_reject": { "get_used_eval_reject": {
"type": "integer", "type": "integer",
"description": "Number of flows that were evaluated but rejected from reuse as they were still alive/active" "description":
"Number of flows that were evaluated but rejected from reuse as they were still alive/active"
}, },
"get_used_failed": { "get_used_failed": {
"type": "integer", "type": "integer",
"description": "Number of times retrieval of flow from hash was attempted but was unsuccessful" "description":
"Number of times retrieval of flow from hash was attempted but was unsuccessful"
}, },
"icmpv4": { "icmpv4": {
"type": "integer", "type": "integer",
@ -6446,7 +6486,8 @@
"properties": { "properties": {
"flows_checked": { "flows_checked": {
"type": "integer", "type": "integer",
"description": "number of flows checked for timeout in the last pass" "description":
"number of flows checked for timeout in the last pass"
}, },
"flows_evicted": { "flows_evicted": {
"type": "integer", "type": "integer",
@ -6454,7 +6495,8 @@
}, },
"flows_evicted_needs_work": { "flows_evicted_needs_work": {
"type": "integer", "type": "integer",
"description": "number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work" "description":
"number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work"
}, },
"flows_notimeout": { "flows_notimeout": {
"type": "integer", "type": "integer",
@ -6466,7 +6508,8 @@
}, },
"full_hash_pass": { "full_hash_pass": {
"type": "integer", "type": "integer",
"description": "number of times a full pass of the hash table was done" "description":
"number of times a full pass of the hash table was done"
}, },
"rows_maxlen": { "rows_maxlen": {
"type": "integer", "type": "integer",
@ -6474,7 +6517,8 @@
}, },
"rows_per_sec": { "rows_per_sec": {
"type": "integer", "type": "integer",
"description": "number of rows to be scanned every second by a worker" "description":
"number of rows to be scanned every second by a worker"
} }
} }
}, },
@ -6506,7 +6550,8 @@
}, },
"tcp_reuse": { "tcp_reuse": {
"type": "integer", "type": "integer",
"description": "Number of TCP flows that were reused as they seemed to share the same flow tuple" "description":
"Number of TCP flows that were reused as they seemed to share the same flow tuple"
}, },
"total": { "total": {
"type": "integer", "type": "integer",
@ -6701,31 +6746,38 @@
"properties": { "properties": {
"applayer_error": { "applayer_error": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to app-layer error exception policy" "description":
"Number of packets dropped due to app-layer error exception policy"
}, },
"applayer_memcap": { "applayer_memcap": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to applayer memcap" "description":
"Number of packets dropped due to applayer memcap"
}, },
"decode_error": { "decode_error": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to decoding errors" "description":
"Number of packets dropped due to decoding errors"
}, },
"default_app_policy": { "default_app_policy": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to default app policy" "description":
"Number of packets dropped due to default app policy"
}, },
"default_packet_policy": { "default_packet_policy": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to default packet policy" "description":
"Number of packets dropped due to default packet policy"
}, },
"defrag_error": { "defrag_error": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to defragmentation errors" "description":
"Number of packets dropped due to defragmentation errors"
}, },
"defrag_memcap": { "defrag_memcap": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to defrag memcap exception policy" "description":
"Number of packets dropped due to defrag memcap exception policy"
}, },
"flow_drop": { "flow_drop": {
"type": "integer", "type": "integer",
@ -6733,7 +6785,8 @@
}, },
"flow_memcap": { "flow_memcap": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to flow memcap exception policy" "description":
"Number of packets dropped due to flow memcap exception policy"
}, },
"nfq_error": { "nfq_error": {
"type": "integer", "type": "integer",
@ -6745,31 +6798,38 @@
}, },
"stream_error": { "stream_error": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to invalid TCP stream" "description":
"Number of packets dropped due to invalid TCP stream"
}, },
"stream_memcap": { "stream_memcap": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to stream memcap exception policy" "description":
"Number of packets dropped due to stream memcap exception policy"
}, },
"stream_midstream": { "stream_midstream": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to stream midstream exception policy" "description":
"Number of packets dropped due to stream midstream exception policy"
}, },
"stream_reassembly": { "stream_reassembly": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to stream reassembly exception policy" "description":
"Number of packets dropped due to stream reassembly exception policy"
}, },
"stream_urgent": { "stream_urgent": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to TCP urgent flag" "description":
"Number of packets dropped due to TCP urgent flag"
}, },
"threshold_detection_filter": { "threshold_detection_filter": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to threshold detection filter" "description":
"Number of packets dropped due to threshold detection filter"
}, },
"tunnel_packet_drop": { "tunnel_packet_drop": {
"type": "integer", "type": "integer",
"description": "Number of packets dropped due to inner tunnel packet being dropped" "description":
"Number of packets dropped due to inner tunnel packet being dropped"
} }
}, },
"description": "Number of dropped packets, grouped by drop reason" "description": "Number of dropped packets, grouped by drop reason"
@ -6790,7 +6850,8 @@
"properties": { "properties": {
"pressure": { "pressure": {
"type": "integer", "type": "integer",
"description": "Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http" "description":
"Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http"
}, },
"pressure_max": { "pressure_max": {
"type": "integer", "type": "integer",
@ -6961,7 +7022,8 @@
}, },
"tc_urgent_oob_data": { "tc_urgent_oob_data": {
"type": "integer", "type": "integer",
"description": "Number of Out-of-Band bytes sent by server using TCP urgent packets" "description":
"Number of Out-of-Band bytes sent by server using TCP urgent packets"
}, },
"tcp_flags": { "tcp_flags": {
"type": "string" "type": "string"
@ -6980,7 +7042,8 @@
}, },
"ts_urgent_oob_data": { "ts_urgent_oob_data": {
"type": "integer", "type": "integer",
"description": "Number of Out-of-Band bytes sent by client using TCP urgent packets" "description":
"Number of Out-of-Band bytes sent by client using TCP urgent packets"
}, },
"urg": { "urg": {
"type": "boolean" "type": "boolean"
@ -7413,7 +7476,8 @@
}, },
"tx_guessed": { "tx_guessed": {
"type": "boolean", "type": "boolean",
"description": "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect" "description":
"the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect"
}, },
"tx_id": { "tx_id": {
"type": "integer" "type": "integer"
@ -7499,7 +7563,8 @@
}, },
"rdata_truncated": { "rdata_truncated": {
"type": "boolean", "type": "boolean",
"description": "Set to true if the rdata was too long and truncated by Suricata" "description":
"Set to true if the rdata was too long and truncated by Suricata"
}, },
"rrname": { "rrname": {
"type": "string", "type": "string",
@ -7512,7 +7577,8 @@
}, },
"rrname_truncated": { "rrname_truncated": {
"type": "boolean", "type": "boolean",
"description": "Set to true if the rrname was too long and truncated by Suricata" "description":
"Set to true if the rrname was too long and truncated by Suricata"
}, },
"rrtype": { "rrtype": {
"type": "string" "type": "string"
@ -7584,7 +7650,8 @@
"description": "Number of errors allocating memory" "description": "Number of errors allocating memory"
}, },
"exception_policy": { "exception_policy": {
"description": "How many times app-layer error exception policy was applied, and which one", "description":
"How many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy" "$ref": "#/$defs/exceptionPolicy"
}, },
"gap": { "gap": {
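Review bot: The key re-wrapped in the hunk at -1113 is spelled `"desription":`, which a JSON Schema validator or documentation generator treats as an unknown keyword, so the text "DNS fields grouped by type: alternative format, no direct keywords" is never picked up as the description; since the line is being rewritten anyway it should read `"description":`. Separately, in the hunk at -6265 the objects `app_layer`, `defrag`, `flow` and `tcp` list their members (`error`, `memcap`, `midstream`, `ssn_memcap`, `reassembly`) as siblings of `"type": "object"` rather than inside a `"properties": {` object, so the `$ref` to `#/$defs/exceptionPolicy` is probably not applied to those fields when EVE output is validated. Both issues predate this reformat and the enclosing objects start outside the hunks, so a follow-up commit would keep this one purely mechanical.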
