Feature #4062
opencreatest: Allow to exclude certain fields
Label: Outreachy, Python
Description
Certain fields from the filter blocks should be allowed to be skipped.
Expectation
createst.py mytest mypcap --exclude-fields dest_port,src_port
The final generated test.yaml should have filter blocks without these fields.
Example
Before
requires:
  min-version: 5.0.0
  features:
    - HAVE_LIBJANSSON
args:
  - -k none
checks:
  - filter:
      count: 1
      match:
        alert:
          action: allowed
          category: access to a potentially vulnerable web application
          gid: 1
          rev: 1
          severity: 2
          signature: no1
          signature_id: 9000000
        app_proto: http
        dest_ip: 10.100.0.8
        dest_port: 44270
        event_type: alert
        http:
          hostname: www.abcdefghij.com
          http_content_type: text/html
          http_method: GET
          http_refer: http://www.abcdefghij.com/abdeltat/login
          http_user_agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.6) Gecko/2009011912
            Firefox/3.0.6
          length: 1483
          protocol: HTTP/1.1
          status: 401
          url: /publication/pub.home/home.html
        pcap_cnt: 14
        proto: TCP
        src_ip: 162.2.41.200
        src_port: 80
After
requires:
  min-version: 5.0.0
  features:
    - HAVE_LIBJANSSON
args:
  - -k none
checks:
  - filter:
      count: 1
      match:
        alert:
          action: allowed
          category: access to a potentially vulnerable web application
          gid: 1
          rev: 1
          severity: 2
          signature: no1
          signature_id: 9000000
        app_proto: http
        dest_ip: 10.100.0.8
        event_type: alert
        http:
          hostname: www.abcdefghij.com
          http_content_type: text/html
          http_method: GET
          http_refer: http://www.abcdefghij.com/abdeltat/login
          http_user_agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.6) Gecko/2009011912
            Firefox/3.0.6
          length: 1483
          protocol: HTTP/1.1
          status: 401
          url: /publication/pub.home/home.html
        pcap_cnt: 14
        proto: TCP
        src_ip: 162.2.41.200
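A sketch of how the requested option could behave, added here as an illustration and not taken from createst.py: it parses the comma-separated `--exclude-fields` value and drops those keys from an event before it becomes a filter block. The function names, the positional argument names and the dotted form for nested keys (for example `http.length`, which goes beyond the top-level fields in the request) are assumptions.

```python
import argparse
import copy

# Constructed sample: a subset of the EVE alert record from the example above.
SAMPLE_EVENT = {
    "alert": {"action": "allowed", "gid": 1, "signature_id": 9000000},
    "app_proto": "http",
    "dest_ip": "10.100.0.8",
    "dest_port": 44270,
    "event_type": "alert",
    "http": {"hostname": "www.abcdefghij.com", "length": 1483, "status": 401},
    "src_ip": "162.2.41.200",
    "src_port": 80,
}

def parse_exclude_fields(value):
    """Split the comma-separated option value, ignoring blanks and spaces."""
    return [name.strip() for name in value.split(",") if name.strip()]

def exclude_fields(event, fields):
    """Return a copy of the event without the listed fields.

    A plain name removes a top-level key; a dotted name (assumed syntax)
    removes a nested key. Names that do not resolve are ignored.
    """
    result = copy.deepcopy(event)  # never mutate the caller's event
    for field in fields:
        *parents, leaf = field.split(".")
        node = result
        for key in parents:
            node = node.get(key)
            if not isinstance(node, dict):
                break  # path does not exist or runs through a scalar
        else:
            node.pop(leaf, None)
    return result

def build_check(event, fields):
    """Build one entry of the 'checks' list with the exclusions applied."""
    return {"filter": {"count": 1, "match": exclude_fields(event, fields)}}

def make_parser():
    # Hypothetical positional names; only --exclude-fields is from the request.
    parser = argparse.ArgumentParser(prog="createst.py")
    parser.add_argument("test_name")
    parser.add_argument("pcap")
    parser.add_argument("--exclude-fields", type=parse_exclude_fields, default=[])
    return parser

if __name__ == "__main__":
    argv = ["mytest", "mypcap", "--exclude-fields", "dest_port,src_port"]
    print(build_check(SAMPLE_EVENT, make_parser().parse_args(argv).exclude_fields))
```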