|
|
|
|
@ -541,19 +541,20 @@ void EveAddVerdict(SCJsonBuilder *jb, const Packet *p)
|
|
|
|
|
{
|
|
|
|
|
SCJbOpenObject(jb, "verdict");
|
|
|
|
|
|
|
|
|
|
const uint8_t packet_action = PacketGetAction(p);
|
|
|
|
|
/* add verdict info */
|
|
|
|
|
if (PacketCheckAction(p, ACTION_REJECT_ANY)) {
|
|
|
|
|
if (packet_action & ACTION_REJECT_ANY) {
|
|
|
|
|
// check rule to define type of reject packet sent
|
|
|
|
|
if (EngineModeIsIPS()) {
|
|
|
|
|
JB_SET_STRING(jb, "action", "drop");
|
|
|
|
|
} else {
|
|
|
|
|
JB_SET_STRING(jb, "action", "alert");
|
|
|
|
|
}
|
|
|
|
|
if (PacketCheckAction(p, ACTION_REJECT)) {
|
|
|
|
|
if (packet_action & ACTION_REJECT) {
|
|
|
|
|
JB_SET_STRING(jb, "reject-target", "to_client");
|
|
|
|
|
} else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
|
|
|
|
|
} else if (packet_action & ACTION_REJECT_DST) {
|
|
|
|
|
JB_SET_STRING(jb, "reject-target", "to_server");
|
|
|
|
|
} else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
|
|
|
|
|
} else if (packet_action & ACTION_REJECT_BOTH) {
|
|
|
|
|
JB_SET_STRING(jb, "reject-target", "both");
|
|
|
|
|
}
|
|
|
|
|
SCJbOpenArray(jb, "reject");
|
|
|
|
|
@ -569,9 +570,9 @@ void EveAddVerdict(SCJsonBuilder *jb, const Packet *p)
|
|
|
|
|
}
|
|
|
|
|
SCJbClose(jb);
|
|
|
|
|
|
|
|
|
|
} else if (PacketCheckAction(p, ACTION_DROP) && EngineModeIsIPS()) {
|
|
|
|
|
} else if ((packet_action & ACTION_DROP) && EngineModeIsIPS()) {
|
|
|
|
|
JB_SET_STRING(jb, "action", "drop");
|
|
|
|
|
} else if (PacketCheckAction(p, ACTION_ACCEPT)) {
|
|
|
|
|
} else if (packet_action & ACTION_ACCEPT) {
|
|
|
|
|
JB_SET_STRING(jb, "action", "accept");
|
|
|
|
|
} else if (p->alerts.alerts[p->alerts.cnt].action & ACTION_PASS) {
|
|
|
|
|
JB_SET_STRING(jb, "action", "pass");
|
|
|
|
|
|
Victor Julien
3 weeks ago