Feature #4062
opencreatest: Allow to exclude certain fields
Description
Certain fields from the filter blocks should be allowed to be skipped.
Expectation
createst.py mytest mypcap --exclude-fields dest_port,src_port
The final generated test.yaml should have filter blocks without these fields.
Example
Before
requires:
min-version: 5.0.0
features:
- HAVE_LIBJANSSON
args:
- -k none
checks:
- filter:
count: 1
match:
alert:
action: allowed
category: access to a potentially vulnerable web application
gid: 1
rev: 1
severity: 2
signature: no1
signature_id: 9000000
app_proto: http
dest_ip: 10.100.0.8
dest_port: 44270
event_type: alert
http:
hostname: www.abcdefghij.com
http_content_type: text/html
http_method: GET
http_refer: http://www.abcdefghij.com/abdeltat/login
http_user_agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.6) Gecko/2009011912
Firefox/3.0.6
length: 1483
protocol: HTTP/1.1
status: 401
url: /publication/pub.home/home.html
pcap_cnt: 14
proto: TCP
src_ip: 162.2.41.200
src_port: 80
After
requires:
min-version: 5.0.0
features:
- HAVE_LIBJANSSON
args:
- -k none
checks:
- filter:
count: 1
match:
alert:
action: allowed
category: access to a potentially vulnerable web application
gid: 1
rev: 1
severity: 2
signature: no1
signature_id: 9000000
app_proto: http
dest_ip: 10.100.0.8
event_type: alert
http:
hostname: www.abcdefghij.com
http_content_type: text/html
http_method: GET
http_refer: http://www.abcdefghij.com/abdeltat/login
http_user_agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.6) Gecko/2009011912
Firefox/3.0.6
length: 1483
protocol: HTTP/1.1
status: 401
url: /publication/pub.home/home.html
pcap_cnt: 14
proto: TCP
src_ip: 162.2.41.200
Updated by Shreya Gupta about 4 years ago
@shivani, I am not able to assign this ticket to myself. I can't see any option to change the assignee. Can you please help me out?
Updated by Shivani Bhardwaj about 4 years ago
Shreya Gupta wrote in #note-2:
@shivani, I am not able to assign this ticket to myself. I can't see any option to change the assignee. Can you please help me out?
Could you please try again. Please log out and log in.
Updated by Tharushi Jayasekara about 4 years ago
- Assignee changed from Community Ticket to Tharushi Jayasekara
Updated by Tharushi Jayasekara about 4 years ago
- Status changed from New to In Review
Updated by Juliana Fajardini Reichow 11 months ago
- Status changed from In Review to New
- Assignee changed from Tharushi Jayasekara to Community Ticket
Hi there, according to our guidelines for stale tickets, I'm unassigning this ticket.
Thanks for all your contributions to our project, and feel free to reach out in case you have time and want to contribute to Suricata again! <3 :) :)
Refer to:
https://forum.suricata.io/t/important-outreachy-contribution-phase-wrap-up-prs-claimed-tickets-and-more
https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html#stale-tickets-policy
Updated by Juliana Fajardini Reichow 11 months ago
If you'd like to claim this ticket, some follow-up work has been done here, but still needs rework: https://github.com/OISF/suricata-verify/pull/997
Updated by Nancy Enos 5 days ago
- Assignee changed from Community Ticket to Nancy Enos
i would like to work on this
Updated by Juliana Fajardini Reichow 3 days ago
- Status changed from New to In Review
PR for review: https://github.com/OISF/suricata-verify/pull/2110