Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

createst: Allow to exclude certain fields #2115

Closed
wants to merge 1 commit into from
Closed

createst: Allow to exclude certain fields #2115

wants to merge 1 commit into from

Conversation

Nancyenos
Copy link
Contributor

Ticket: #4062

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/4062

Ticket

createst.py mytest mypcap --exclude-fields dest_port,tcp.ts_max_regions

Before:

 filter:
    count: 1
    match:
      app_proto: http
      dest_ip: 82.165.177.154
      event_type: flow
      flow.age: 0
      flow.alerted: false
      flow.bytes_toclient: 495
      flow.bytes_toserver: 425
      flow.pkts_toclient: 4
      flow.pkts_toserver: 6
      flow.reason: shutdown
      flow.state: closed
      proto: TCP
      src_ip: 10.16.1.11
      src_port: 54186
      tcp.ack: true
      tcp.fin: true
      tcp.psh: true
      tcp.state: closed
      tcp.syn: true
      tcp.tc_max_regions: 1
      tcp.tcp_flags: 1b
      tcp.tcp_flags_tc: 1b
      tcp.tcp_flags_ts: 1b
      tcp.ts_max_regions: 1

After:

filter:
    count: 1
    match:
      app_proto: http
      dest_ip: 82.165.177.154
      event_type: flow
      flow.age: 0
      flow.alerted: false
      flow.bytes_toclient: 495
      flow.bytes_toserver: 425
      flow.pkts_toclient: 4
      flow.pkts_toserver: 6
      flow.reason: shutdown
      flow.state: closed
      flow_id: 2019292059448498
      proto: TCP
      src_ip: 10.16.1.11
      src_port: 54186
      tcp.ack: true
      tcp.fin: true
      tcp.psh: true
      tcp.state: closed
      tcp.syn: true
      tcp.tc_max_regions: 1
      tcp.tcp_flags: 1b
      tcp.tcp_flags_tc: 1b
      tcp.tcp_flags_ts: 1b
      timestamp: 2016-07-13T22:42:07.011401+0000

@Nancyenos Nancyenos mentioned this pull request Nov 4, 2024
Closed
@jufajardini jufajardini added outreachy Contributions made by Outreachy applicants framework Has a suricata-verify framework change labels Nov 4, 2024
catenacyber
catenacyber reviewed Nov 18, 2024
View reviewed changes
createst.py
if "event_type" in md and md["event_type"] == "stats":
continue
all_content_list.append(md)
all_content_list.append(md)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit typo added space

@catenacyber
Copy link
Collaborator

catenacyber commented Nov 18, 2024
edited
Loading

timestamp: 2016-07-13T22:42:07.011401+0000should not be re-added

catenacyber
catenacyber reviewed Nov 18, 2024
View reviewed changes
createst.py
with open(eve_path, "r") as fp:
content = fp.read()
content_list = content.strip().split("\n")
jcontent_list = [json.loads(e) for e in content_list]
all_content_list = []
for e in jcontent_list:
md = {k: v for k, v in e.items() if k not in skip_fields}
md = exclude_nested_fields(e)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

skip_fields should till be used

catenacyber
catenacyber requested changes Nov 18, 2024
View reviewed changes
Copy link
Collaborator

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

skip_fields should still be used

@Nancyenos
Copy link
Contributor Author

@catenacyber noted ...working on it

@Nancyenos
Copy link
Contributor Author

work continued in #2135

@Nancyenos Nancyenos closed this Nov 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber requested changes

Assignees
No one assigned
Labels
framework Has a suricata-verify framework change outreachy Contributions made by Outreachy applicants
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Nancyenos @catenacyber @jufajardini