eve/schema: map tls fields to keywords

pull/12747/head
Victor Julien 5 months ago committed by Victor Julien
parent fc1dbf6eb4
commit b8ed01e23e

@ -1298,7 +1298,8 @@
"additionalProperties": false "additionalProperties": false
}, },
"grouped": { "grouped": {
"desription": "DNS fields grouped by type: alternative format, no direct keywords", "desription":
"DNS fields grouped by type: alternative format, no direct keywords",
"type": "object", "type": "object",
"suricata": { "suricata": {
"keywords": false "keywords": false
@ -3828,6 +3829,11 @@
"additionalProperties": false "additionalProperties": false
}, },
"ja4": { "ja4": {
"suricata": {
"keywords": [
"ja4.hash"
]
},
"type": "string" "type": "string"
}, },
"sni": { "sni": {
@ -6736,52 +6742,116 @@
"type": "object", "type": "object",
"properties": { "properties": {
"certificate": { "certificate": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.certs"
]
}
}, },
"chain": { "chain": {
"type": "array", "type": "array",
"minItems": 1, "minItems": 1,
"items": { "items": {
"type": "string" "type": "string"
},
"suricata": {
"keywords": [
"tls.certs",
"tls.cert_chain_len"
]
} }
}, },
"client": { "client": {
"type": "object", "type": "object",
"properties": { "properties": {
"certificate": { "certificate": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.certs"
]
}
}, },
"chain": { "chain": {
"type": "array", "type": "array",
"minItems": 1, "minItems": 1,
"items": { "items": {
"type": "string" "type": "string"
},
"suricata": {
"keywords": [
"tls.certs",
"tls.cert_chain_len"
]
} }
}, },
"fingerprint": { "fingerprint": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_fingerprint",
"tls.fingerprint"
]
}
}, },
"issuerdn": { "issuerdn": {
"suricata": {
"keywords": [
"tls.cert_issuer",
"tls.issuerdn"
]
},
"type": "string" "type": "string"
}, },
"subjectaltname": { "subjectaltname": {
"description": "TLS Subject Alternative Name field", "description": "TLS Subject Alternative Name field",
"type": "array", "type": "array",
"suricata": {
"keywords": [
"tls.subjectaltname"
]
},
"items": { "items": {
"type": "string" "type": "string"
} }
}, },
"notafter": { "notafter": {
"$ref": "#/$defs/tls_date" "$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notafter",
"tls_cert_expired",
"tls_cert_valid"
]
}
}, },
"notbefore": { "notbefore": {
"$ref": "#/$defs/tls_date" "$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notbefore",
"tls_cert_expired",
"tls_cert_valid"
]
}
}, },
"serial": { "serial": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_serial"
]
}
}, },
"subject": { "subject": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_subject",
"tls.subject"
]
}
} }
}, },
"additionalProperties": false "additionalProperties": false
@ -6789,9 +6859,11 @@
"client_alpns": { "client_alpns": {
"description": "TLS client ALPN field(s)", "description": "TLS client ALPN field(s)",
"type": "array", "type": "array",
"suricata": { "suricata": {
"keywords": ["tls.alpn"] "keywords": [
}, "tls.alpn"
]
},
"items": { "items": {
"type": "string" "type": "string"
} }
@ -6799,54 +6871,121 @@
"server_alpns": { "server_alpns": {
"description": "TLS server ALPN field(s)", "description": "TLS server ALPN field(s)",
"type": "array", "type": "array",
"suricata": {
"keywords": [
"tls.alpn"
]
},
"items": { "items": {
"type": "string" "type": "string"
} }
}, },
"fingerprint": { "fingerprint": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_fingerprint",
"tls.fingerprint"
]
}
}, },
"from_proto": { "from_proto": {
"type": "string" "type": "string"
}, },
"issuerdn": { "issuerdn": {
"suricata": {
"keywords": [
"tls.cert_issuer",
"tls.issuerdn"
]
},
"type": "string" "type": "string"
}, },
"subjectaltname": { "subjectaltname": {
"description": "TLS Subject Alternative Name field", "description": "TLS Subject Alternative Name field",
"type": "array", "type": "array",
"suricata": {
"keywords": [
"tls.subjectaltname"
]
},
"items": { "items": {
"type": "string" "type": "string"
} }
}, },
"notafter": { "notafter": {
"$ref": "#/$defs/tls_date" "$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notafter",
"tls_cert_expired",
"tls_cert_valid"
]
}
}, },
"notbefore": { "notbefore": {
"$ref": "#/$defs/tls_date" "$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notbefore",
"tls_cert_expired",
"tls_cert_valid"
]
}
}, },
"serial": { "serial": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_serial"
]
}
}, },
"session_resumed": { "session_resumed": {
"type": "boolean" "type": "boolean"
}, },
"sni": { "sni": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.sni"
]
}
}, },
"subject": { "subject": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.cert_subject",
"tls.subject"
]
}
}, },
"version": { "version": {
"type": "string" "type": "string",
"suricata": {
"keywords": [
"tls.version"
]
}
}, },
"ja3": { "ja3": {
"type": "object", "type": "object",
"properties": { "properties": {
"hash": { "hash": {
"suricata": {
"keywords": [
"ja3.hash"
]
},
"type": "string" "type": "string"
}, },
"string": { "string": {
"suricata": {
"keywords": [
"ja3s.string"
]
},
"type": "string" "type": "string"
} }
}, },
@ -6856,15 +6995,30 @@
"type": "object", "type": "object",
"properties": { "properties": {
"hash": { "hash": {
"suricata": {
"keywords": [
"ja3s.hash"
]
},
"type": "string" "type": "string"
}, },
"string": { "string": {
"suricata": {
"keywords": [
"ja3s.string"
]
},
"type": "string" "type": "string"
} }
}, },
"additionalProperties": false "additionalProperties": false
}, },
"ja4": { "ja4": {
"suricata": {
"keywords": [
"ja4.hash"
]
},
"type": "string" "type": "string"
} }
}, },
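Review bot: In the `ja3` object the `string` property is mapped to `ja3s.string` while its sibling `hash` is mapped to `ja3.hash`; the same `ja3s.string` value appears again in the last hunk beside `ja3s.hash`, so this looks like a copy-paste slip and the entry under `ja3` should probably read `"ja3.string"`. JA3 describes the client hello and JA3S the server hello, so rule writers or tooling that derive field-to-keyword documentation from this schema would be pointed at the wrong side of the handshake. The name of the object in the last hunk lies outside the visible lines, so confirm it is `ja3s` before changing anything. Separately, the first hunk reflows a line whose key is spelled `desription`; anything that reads `description` annotations will not see that text, and since the line is already touched it could be corrected to `"description"` here.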
