Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File data logging v2 #12080

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

File data logging v2 #12080

wants to merge 3 commits into from
+46 −7

Conversation

regit
Copy link
Contributor

@regit regit commented Nov 2, 2024
edited by victorjulien
Loading

Update of #12042

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7347

Describe changes:

  • Rebase on latest master
  • Remove conditional logging of sha256 and add comment
  • Add suricata-verify test

Provide values to any of the below to override the defaults.

  • To use an LibHTP, Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_BRANCH=OISF/suricata-verify#2113

@regit
output/alert: optionally log file_data
fce0173 
This patch adds file data to alerts so an analyst can directly
understand what is the file. It can also be used to do some
detection on the file outside of Suricata without doing file
extraction.

Ticket: OISF#7347
@regit
doc/userguide: add file-data information
fd323e6
@regit
eve/file: add comment on unconditional sha256
1e7720c
@codecov Codecov
Copy link

codecov bot commented Nov 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 37.50000% with 15 lines in your changes missing coverage. Please review.

Project coverage is 79.79%. Comparing base (b1e7917) to head (1e7720c).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12080      +/-   ##
==========================================
- Coverage   83.37%   79.79%   -3.59%     
==========================================
  Files         910      910              
  Lines      257556   257399     -157     
==========================================
- Hits       214748   205383    -9365     
- Misses      42808    52016    +9208
Flag Coverage Δ
fuzzcorpus 61.55% <37.50%> (+<0.01%) ⬆️
livemode 19.41% <8.33%> (-0.01%) ⬇️
pcap 44.54% <37.50%> (+0.03%) ⬆️
suricata-verify ?
unittests 59.35% <0.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23242

@victorjulien victorjulien marked this pull request as draft November 4, 2024 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@regit @suricata-qa