Feature #6457: eve: configurable list of fields in output - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #6457

open

eve: configurable list of fields in output

Added by Philippe Antoine 12 months ago. Updated 12 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Suricata should be able to get a schema.json as input :
This schema.json has a reduced number of fields compared to what Suricata can output.
The fields that are absent should not be output by Suricata (for instance we could have everything but dnp3.application.objects)

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #6457

eve: configurable list of fields in output

Updated by Philippe Antoine 12 months ago

Updated by Victor Julien 12 months ago