suricata
suricata copied to clipboard
OISF
output/reference: Include reference information in alert (if configured)
Continuation of #10988
When configured, include the reference value in the alert. The configuration value is in the alert section: types.alert.reference. The default value is off/no. Set to yes to include the expanded reference from the rule in the alert record.
Describe changes:
- Add
referencevalue to suricata.yaml.in (default no/off) - Set flag in output logger if the config setting is on
- Format the reference as a sequence, e.g.,
references: [ "ref-1" [, "ref-2" [, ...]]]
Updates:
- Added documentation
- Only output references object if there's at least one entry
Provide values to any of the below to override the defaults.
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1808
Codecov Report
Attention: Patch coverage is 94.73684% with 1 lines in your changes are missing coverage. Please review.
Project coverage is 83.00%. Comparing base (
ad4185b) to head (5b66203). Report is 60 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #10993 +/- ##
==========================================
+ Coverage 82.94% 83.00% +0.06%
==========================================
Files 918 917 -1
Lines 248784 248703 -81
==========================================
+ Hits 206351 206444 +93
+ Misses 42433 42259 -174
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 64.24% <15.78%> (-0.06%) |
:arrow_down: |
| suricata-verify | 62.72% <94.73%> (+0.05%) |
:arrow_up: |
| unittests | 62.32% <0.00%> (+0.03%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Information:
ERROR: QA failed on SURI_TLPW2_autofp_suri_time.
| field | baseline | test | % |
|---|---|---|---|
| SURI_TLPW2_autofp_stats_chk | |||
| .uptime | 138 | 143 | 103.62% |
Pipeline 20448
