
decode/ethertype: Event on unknown ethertype

Open jlucovsky opened this issue 5 months ago • 2 comments

Continuation of #11632

Issue: 7129

Create a decode/engine event if unknown ethertypes are observed.

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7129

Describe changes:

  • Add an event created when unknown ethertypes are observed
  • Update schema with event counter
  • Add rule for event.

Updates

  • Include the ethertype when ethernet information is logged.

Provide values to any of the below to override the defaults.

  • To use a LibHTP, Suricata-Verify or Suricata-Update pull request, link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1954
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

jlucovsky (Oct 01 '24 13:10)
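As an added illustration of the behaviour this PR describes, here is a minimal Ethernet decoder in C that dispatches the ethertypes it knows, strips up to two 802.1Q/802.1ad tags, and raises a counted decode event (recording the ethertype alongside it) whenever the type is not recognized. This is example code written for this page, not Suricata's decoder and not code from the PR; the counter names, the sample frames and the use of 0x88B5 (an IEEE "local experimental" ethertype) as the unknown value are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Well-known ethertype values from the IEEE 802 registry. */
#define ETHERTYPE_IPV4  0x0800
#define ETHERTYPE_ARP   0x0806
#define ETHERTYPE_VLAN  0x8100   /* 802.1Q */
#define ETHERTYPE_IPV6  0x86DD
#define ETHERTYPE_QINQ  0x88A8   /* 802.1ad */

#define ETHERNET_HEADER_LEN 14
#define VLAN_TAG_LEN        4

/* Hypothetical decode-event counters for this example (not Suricata's names).
 * last_ethertype is kept so the unknown value can be logged with the event. */
typedef struct {
    unsigned pkt_too_small;
    unsigned unknown_ethertype;
    unsigned ipv4, ipv6, arp, vlan;
    uint16_t last_ethertype;
} DecodeStats;

/* Decode one frame. Returns 0 when the payload type was dispatched,
 * -1 when a decode event was raised (short frame or unknown ethertype). */
int decode_ethernet(DecodeStats *st, const uint8_t *pkt, size_t len)
{
    if (len < ETHERNET_HEADER_LEN) { st->pkt_too_small++; return -1; }

    size_t off = 12;                                   /* skip dst + src MAC */
    uint16_t et = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
    off += 2;

    /* Peel at most two VLAN tags to reach the encapsulated type. */
    for (int i = 0; i < 2 && (et == ETHERTYPE_VLAN || et == ETHERTYPE_QINQ); i++) {
        if (len < off + VLAN_TAG_LEN) { st->pkt_too_small++; return -1; }
        st->vlan++;
        et = (uint16_t)(pkt[off + 2] << 8 | pkt[off + 3]); /* TCI is at off, off+1 */
        off += VLAN_TAG_LEN;
    }

    st->last_ethertype = et;
    switch (et) {
        case ETHERTYPE_IPV4: st->ipv4++; return 0;
        case ETHERTYPE_IPV6: st->ipv6++; return 0;
        case ETHERTYPE_ARP:  st->arp++;  return 0;
        default:
            /* Anything not dispatched above (including 802.3 length fields
             * below 0x0600) is counted as an unknown ethertype event here. */
            st->unknown_ethertype++;
            return -1;
    }
}

/* Constructed sample frames (MACs are placeholders; payloads are truncated). */
#define MACS 0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb
static const uint8_t FRAME_IPV4[]      = { MACS, 0x08,0x00, 0x45,0x00 };
static const uint8_t FRAME_VLAN_IPV6[] = { MACS, 0x81,0x00, 0x00,0x64, 0x86,0xdd, 0x60,0x00 };
static const uint8_t FRAME_UNKNOWN[]   = { MACS, 0x88,0xb5, 0xde,0xad };
static const uint8_t FRAME_SHORT[]     = { 0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77 };

/* Run the four sample frames through the decoder and return the counters. */
DecodeStats run_samples(void)
{
    DecodeStats st;
    memset(&st, 0, sizeof st);
    decode_ethernet(&st, FRAME_IPV4,      sizeof FRAME_IPV4);
    decode_ethernet(&st, FRAME_VLAN_IPV6, sizeof FRAME_VLAN_IPV6);
    decode_ethernet(&st, FRAME_UNKNOWN,   sizeof FRAME_UNKNOWN);
    decode_ethernet(&st, FRAME_SHORT,     sizeof FRAME_SHORT);
    return st;
}

int main(void)
{
    DecodeStats st = run_samples();
    printf("ipv4=%u ipv6=%u arp=%u vlan=%u\n", st.ipv4, st.ipv6, st.arp, st.vlan);
    printf("events: pkt_too_small=%u unknown_ethertype=%u (last ethertype 0x%04x)\n",
           st.pkt_too_small, st.unknown_ethertype, st.last_ethertype);
    return 0;
}
```

The point of keeping `last_ethertype` next to the counter is the same one the PR's "Updates" item makes: an unknown-ethertype event is only actionable if the log record tells you which value was seen, so you can decide whether it is a new protocol to support or traffic worth a rule.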