detect/analyzer: add more details for tcp_seq - v3

Open 0xEniola opened this issue 1 year ago • 0 comments

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6353

Previous PR: https://github.com/OISF/suricata/pull/9677

Describe changes:

  • Rebased the branch

Output:

```json
{
    "raw": "alert tcp any any -> any any (msg:\"Testing seq\"; seq:723833; sid:2;)",
    "id": 2,
    "gid": 1,
    "rev": 0,
    "msg": "Testing seq",
    "app_proto": "unknown",
    "requirements": [],
    "type": "pkt",
    "flags": [
        "src_any",
        "dst_any",
        "sp_any",
        "dp_any",
        "need_packet",
        "toserver",
        "toclient"
    ],
    "pkt_engines": [
        {
            "name": "packet",
            "is_mpm": false
        }
    ],
    "frame_engines": [],
    "lists": {
        "packet": {
            "matches": [
                {
                    "name": "tcp.seq",
                    "seq": {
                        "number": 723833
                    }
                }
            ]
        }
    }
}
```

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1626

0xEniola, Jan 30 '24 17:01
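The script below is an added example, not code from this PR or from Suricata. It takes the analyzer record printed above (reduced to the fields it reads), checks that the `seq.number` the analyzer reports agrees with the `seq:` option in the raw rule text, and then applies that value to TCP headers built inline with `struct.pack` to show what the keyword actually tests: an exact compare against the 32-bit sequence field. The packet bytes, port numbers and helper names are constructed for the example and are not part of the PR.

```python
"""
Cross-check Suricata's rule-analyzer output for the `seq` keyword against
the rule text, then apply the extracted value to raw TCP headers.

Assumptions (not from the PR): ANALYZER_RECORD is the record printed in the
PR description with unused fields dropped; the TCP headers are constructed
here with struct.pack, not captured traffic.
"""
import re
import struct

# Analyzer record from the PR description (app_proto/requirements omitted).
ANALYZER_RECORD = {
    "raw": 'alert tcp any any -> any any (msg:"Testing seq"; seq:723833; sid:2;)',
    "id": 2, "gid": 1, "rev": 0, "msg": "Testing seq",
    "type": "pkt",
    "flags": ["src_any", "dst_any", "sp_any", "dp_any",
              "need_packet", "toserver", "toclient"],
    "pkt_engines": [{"name": "packet", "is_mpm": False}],
    "frame_engines": [],
    "lists": {"packet": {"matches": [
        {"name": "tcp.seq", "seq": {"number": 723833}}]}},
}

# `seq:` must be followed by a colon, so the word "seq" inside msg:"..." is skipped.
TCP_SEQ_RE = re.compile(r"\bseq:\s*(\d+)\s*;")
UINT32_MAX = 0xFFFFFFFF


def seq_from_rule(raw_rule: str) -> int:
    """Extract the seq option from the rule text; the field is 32 bits wide."""
    m = TCP_SEQ_RE.search(raw_rule)
    if m is None:
        raise ValueError("rule has no seq option")
    value = int(m.group(1))
    if value > UINT32_MAX:
        raise ValueError(f"seq {value} does not fit in a 32-bit sequence number")
    return value


def seq_from_analyzer(record: dict) -> int:
    """Pull seq.number out of the packet match list the analyzer emits for tcp.seq."""
    if record.get("type") != "pkt" or "need_packet" not in record.get("flags", []):
        raise ValueError("seq is a packet keyword; the analyzer record should say so")
    for match in record["lists"]["packet"]["matches"]:
        if match.get("name") == "tcp.seq":
            return int(match["seq"]["number"])
    raise ValueError("no tcp.seq match in analyzer output")


def analyzer_consistent(record: dict) -> bool:
    """The number the analyzer reports must equal the one written in the rule."""
    return seq_from_analyzer(record) == seq_from_rule(record["raw"])


def build_tcp_header(sport: int, dport: int, seq: int, ack: int = 0,
                     flags: int = 0x02, window: int = 65535) -> bytes:
    """Constructed 20-byte TCP header without options; checksum left as zero."""
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def tcp_seq_of(header: bytes) -> int:
    """Read the sequence number field (bytes 4..7) of a TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!HHII", header[:12])[2]


def seq_keyword_matches(rule_seq: int, header: bytes) -> bool:
    """`seq:N` matches exactly when the packet's sequence number equals N."""
    return tcp_seq_of(header) == rule_seq


if __name__ == "__main__":
    rule_seq = seq_from_analyzer(ANALYZER_RECORD)
    print("analyzer agrees with rule text:", analyzer_consistent(ANALYZER_RECORD))
    for seq in (rule_seq, rule_seq + 1, 0):
        hdr = build_tcp_header(40000, 80, seq)
        print(f"packet seq={seq}: match={seq_keyword_matches(rule_seq, hdr)}")
```

The consistency check is the one a reviewer of this output would want automated: if the analyzer ever printed a different number than the rule option (or dropped the `need_packet` flag), the script raises or returns False rather than silently passing.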