suricata/etc/schema.json



{
"type": "object",
"additionalProperties": false,
"required": [
"event_type",
"timestamp"
],
"properties": {
"app_proto": {
"type": "string"
},
"app_proto_expected": {
"type": "string"
},
"app_proto_orig": {
"type": "string"
},
"app_proto_tc": {
"type": "string"
},
"app_proto_ts": {
"type": "string"
},
"capture_file": {
"type": "string"
},
"community_id": {
"type": "string"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"event_type": {
"type": "string"
},
"flow_id": {
"type": "integer"
},
"host": {
"$comment":
"May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
"description": "the sensor-name, if configured",
"type": "string"
},
"icmp_code": {
"type": "integer"
},
"icmp_type": {
"type": "integer"
},
"in_iface": {
"type": "string"
},
"log_level": {
"type": "string"
},
"packet": {
"type": "string"
},
"parent_id": {
"type": "integer"
},
"payload": {
"type": "string"
},
"payload_printable": {
"type": "string"
},
"pcap_cnt": {
"type": "integer"
},
"pcap_filename": {
"type": "string"
},
"pkt_src": {
"type": "string"
},
"proto": {
"type": "string"
},
"response_icmp_code": {
"type": "integer"
},
"response_icmp_type": {
"type": "integer"
},
"spi": {
"type": "integer"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
},
"stream": {
"type": "integer"
},
"timestamp": {
"type": "string",
"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$"
},
"verdict": {
"$ref": "#/$defs/verdict_type"
},
"direction": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"files": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"end": {
"type": "integer"
},
"filename": {
"type": "string"
},
"file_id": {
"type": "integer"
},
"gaps": {
"type": "boolean"
},
"magic": {
"type": "string"
},
"md5": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
},
"state": {
"type": "string"
},
"stored": {
"type": "boolean"
},
"storing": {
"description": "the file is set to be stored when completed",
"type": "boolean"
},
"tx_id": {
"type": "integer"
},
"sid": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
}
}
},
"vlan": {
"type": "array",
"minItems": 1,
"items": {
"type": "number"
}
},
"alert": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"category": {
"type": "string"
},
"gid": {
"type": "integer"
},
"rev": {
"type": "integer"
},
"rule": {
"type": "string"
},
"severity": {
"type": "integer"
},
"signature": {
"type": "string"
},
"signature_id": {
"type": "integer"
},
"xff": {
"type": "string"
},
"metadata": {
"type": "object",
"properties": {
"affected_product": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"attack_target": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"created_at": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"deployment": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"former_category": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"malware_family": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"policy": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"signature_severity": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"tag": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"updated_at": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": true
},
"source": {
"type": "object",
"properties": {
"ip": {
"type": "string"
},
"port": {
"type": "integer"
}
},
"additionalProperties": false
},
"target": {
"type": "object",
"properties": {
"ip": {
"type": "string"
},
"port": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"stream_tcp": {
"type": "object",
"additionalProperties": true
},
"anomaly": {
"type": "object",
"properties": {
"app_proto": {
"type": "string"
},
"event": {
"type": "string"
},
"layer": {
"type": "string"
},
"type": {
"type": "string"
}
},
"additionalProperties": false
},
"arp": {
"type": "object",
"optional": true,
"properties": {
"hw_type": {
"type": "string",
"description": "Network link protocol type"
},
"proto_type": {
"type": "string",
"description": "Internetwork protocol for which the ARP request is intended"
},
"opcode": {
"type": "string",
"description": "Specifies the operation that the sender is performing"
},
"src_mac": {
"type": "string",
"description": "Physical address of the sender"
},
"src_ip": {
"type": "string",
"description": "Logical address of the sender"
},
"dest_mac": {
"type": "string",
"description": "Physical address of the intended receiver"
},
"dest_ip": {
"type": "string",
"description": "Logical address of the intended receiver"
}
},
"additionalProperties": false
},
"bittorrent_dht": {
"type": "object",
"properties": {
"transaction_id": {
"type": "string"
},
"client_version": {
"type": "string"
},
"request_type": {
"type": "string"
},
"request": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"target": {
"type": "string"
},
"implied_port": {
"type": "integer"
},
"info_hash": {
"type": "string"
},
"port": {
"type": "integer"
},
"token": {
"type": "string"
}
}
},
"response": {
"type": "object",
"additionalProperties": false,
"required": [
"id"
],
"properties": {
"id": {
"type": "string"
},
"nodes": {
"type": "array",
"items": {
"type": "object",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"ip",
"port"
],
"properties": {
"id": {
"type": "string"
},
"ip": {
"type": "string"
},
"port": {
"type": "number"
}
}
}
}
},
"nodes6": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"ip",
"port"
],
"properties": {
"id": {
"type": "string"
},
"ip": {
"type": "string"
},
"port": {
"type": "number"
}
}
}
},
"token": {
"type": "string"
},
"values": {
"type": "array",
"items": {
"type": "object"
}
}
}
},
"error": {
"type": "object",
"additionalProperties": false,
"properties": {
"num": {
"type": "integer"
},
"msg": {
"type": "string"
}
}
}
},
"additionalProperties": false
},
"dcerpc": {
"type": "object",
"properties": {
"activityuuid": {
"type": "string"
},
"call_id": {
"type": "integer"
},
"request": {
"type": "string"
},
"response": {
"type": "string"
},
"rpc_version": {
"type": "string"
},
"seqnum": {
"type": "integer"
},
"interfaces": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"ack_result": {
"type": "integer"
},
"uuid": {
"type": "string"
},
"version": {
"type": "string"
}
},
"additionalProperties": false
}
},
"req": {
"type": "object",
"properties": {
"frag_cnt": {
"type": "integer"
},
"opnum": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
},
"res": {
"type": "object",
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"dhcp": {
"type": "object",
"properties": {
"assigned_ip": {
"type": "string"
},
"client_id": {
"type": "string"
},
"client_ip": {
"type": "string"
},
"client_mac": {
"type": "string"
},
"dhcp_type": {
"type": "string"
},
"hostname": {
"type": "string"
},
"id": {
"type": "integer"
},
"lease_time": {
"type": "integer"
},
"next_server_ip": {
"type": "string"
},
"rebinding_time": {
"type": "integer"
},
"relay_ip": {
"type": "string"
},
"renewal_time": {
"type": "integer"
},
"requested_ip": {
"type": "string"
},
"subnet_mask": {
"type": "string"
},
"type": {
"type": "string"
},
"vendor_class_identifier": {
"type": "string"
},
"dns_servers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"params": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"routers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"dnp3": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
},
"iin": {
"type": "object",
"properties": {
"indicators": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"request": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
},
"iin": {
"type": "object",
"properties": {
"indicators": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"dns": {
"type": "object",
"properties": {
"aa": {
"type": "boolean"
},
"flags": {
"type": "string"
},
"id": {
"type": "integer"
},
"qr": {
"type": "boolean"
},
"ra": {
"type": "boolean"
},
"rcode": {
"type": "string"
},
"rd": {
"type": "boolean"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"type": {
"type": "string"
},
"version": {
"type": "integer"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
},
"tc": {
"description": "DNS truncation flag",
"type": "boolean"
},
"answers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"rdata": {
"type": "string"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"ttl": {
"type": "integer"
},
"srv": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"priority": {
"type": "integer"
},
"weight": {
"type": "integer"
}
},
"additionalProperties": false
},
"sshfp": {
"description":
"A Secure Shell fingerprint, used to verify the system's authenticity",
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"authorities": {
"$ref": "#/$defs/dns.authorities"
},
"query": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"type": {
"type": "string"
},
"z": {
"type": "boolean"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
}
},
"additionalProperties": false
}
},
"answer": {
"type": "object",
"properties": {
"flags": {
"type": "string"
},
"id": {
"type": "integer"
},
"qr": {
"type": "boolean"
},
"ra": {
"type": "boolean"
},
"rcode": {
"type": "string"
},
"rd": {
"type": "boolean"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"type": {
"type": "string"
},
"version": {
"type": "integer"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
},
"authorities": {
"$ref": "#/$defs/dns.authorities"
}
},
"additionalProperties": false
},
"grouped": {
"type": "object",
"properties": {
"A": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"AAAA": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"CNAME": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"MX": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"NS": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"NULL": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"PTR": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"SRV": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"priority": {
"type": "integer"
},
"weight": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"TXT": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"SSHFP": {
"description":
"A Secure Shell fingerprint is used to verify the system's authenticity",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"z": {
"type": "boolean"
}
},
"additionalProperties": false
},
"drop": {
"type": "object",
"properties": {
"ack": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"flowlbl": {
"type": "integer"
},
"hoplimit": {
"type": "integer"
},
"tc": {
"type": "integer"
},
"icmp_id": {
"type": "integer"
},
"icmp_seq": {
"type": "integer"
},
"ipid": {
"type": "integer"
},
"len": {
"type": "integer"
},
"psh": {
"type": "boolean"
},
"rst": {
"type": "boolean"
},
"syn": {
"type": "boolean"
},
"tcpack": {
"type": "integer"
},
"tcpres": {
"type": "integer"
},
"tcpseq": {
"type": "integer"
},
"tcpurgp": {
"type": "integer"
},
"tcpwin": {
"type": "integer"
},
"tos": {
"type": "integer"
},
"ttl": {
"type": "integer"
},
"udplen": {
"type": "integer"
},
"urg": {
"type": "boolean"
},
"reason": {
"type": "string"
},
"verdict": {
"$ref": "#/$defs/verdict_type"
}
},
"additionalProperties": false
},
"email": {
"type": "object",
"properties": {
"body_md5": {
"type": "string"
},
"cc": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"date": {
"type": "string"
},
"from": {
"type": "string"
},
"has_exe_url": {
"type": "boolean"
},
"has_ipv4_url": {
"type": "boolean"
},
"has_ipv6_url": {
"type": "boolean"
},
"received": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"status": {
"type": "string"
},
"subject": {
"type": "string"
},
"subject_md5": {
"type": "string"
},
"to": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"url": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"x_mailer": {
"type": "string"
},
"attachment": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"message_id": {
"type": "string"
}
},
"additionalProperties": false
},
"engine": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"error_code": {
"type": "integer"
},
"message": {
"type": "string"
},
"thread_name": {
"type": "string"
},
"module": {
"type": "string"
}
},
"additionalProperties": false
},
"ether": {
"type": "object",
"properties": {
"dest_mac": {
"type": "string"
},
"src_mac": {
"type": "string"
},
"dest_macs": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"src_macs": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"fileinfo": {
"type": "object",
"properties": {
"end": {
"type": "integer"
},
"file_id": {
"type": "integer"
},
"filename": {
"type": "string"
},
"gaps": {
"type": "boolean"
},
"magic": {
"type": "string"
},
"md5": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
},
"state": {
"type": "string"
},
"stored": {
"type": "boolean"
},
"storing": {
"description": "the file is set to be stored when completed",
"type": "boolean"
},
"tx_id": {
"type": "integer"
},
"sid": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"age": {
"type": "integer"
},
"alerted": {
"type": "boolean"
},
"bypass": {
"type": "string"
},
"bypassed": {
"type": "object",
"properties": {
"pkts_toserver": {
"type": "integer"
},
"pkts_toclient": {
"type": "integer"
},
"bytes_toserver": {
"type": "integer"
},
"bytes_toclient": {
"type": "integer"
}
},
"additionalProperties": false
},
"bytes_toclient": {
"type": "integer"
},
"bytes_toserver": {
"type": "integer"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"emergency": {
"type": "boolean"
},
"end": {
"type": "string"
},
"pkts_toclient": {
"type": "integer"
},
"pkts_toserver": {
"type": "integer"
},
"reason": {
"type": "string"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
},
"start": {
"type": "string"
},
"state": {
"type": "string"
},
"wrong_thread": {
"type": "boolean"
}
},
"additionalProperties": false
},
"frame": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"id": {
"type": "integer"
},
"direction": {
"type": "string"
},
"stream_offset": {
"type": "integer"
},
"length": {
"type": "integer"
},
"complete": {
"type": "boolean"
},
"payload": {
"type": "string"
},
"payload_printable": {
"type": "string"
},
"tx_id": {
"type": "integer"
}
},
"additionalProperties": false
},
"ftp": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"command_data": {
"type": "string"
},
"command_truncated": {
"type": "boolean"
},
"dynamic_port": {
"type": "integer"
},
"mode": {
"type": "string"
},
"reply_received": {
"type": "string"
},
"reply_truncated": {
"type": "boolean"
},
"completion_code": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"reply": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ftp_data": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"filename": {
"type": "string"
}
},
"additionalProperties": false
},
"http": {
"type": "object",
"properties": {
"hostname": {
"type": "string"
},
"http_content_type": {
"type": "string"
},
"http_method": {
"type": "string"
},
"http_port": {
"type": "integer"
},
"http_refer": {
"type": "string"
},
"http_response_body": {
"type": "string"
},
"http_response_body_printable": {
"type": "string"
},
"http_user_agent": {
"type": "string"
},
"length": {
"type": "integer"
},
"org_src_ip": {
"type": "string"
},
"protocol": {
"type": "string"
},
"redirect": {
"type": "string"
},
"status": {
"type": "integer"
},
"true_client_ip": {
"type": "string"
},
"url": {
"type": "string"
},
"version": {
"type": "string"
},
"x_bluecoat_via": {
"type": "string"
},
"xff": {
"type": "string"
},
"request_headers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"table_size_update": {
"type": "integer"
},
"value": {
"type": "string"
}
},
"additionalProperties": false
}
},
"response_headers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"table_size_update": {
"type": "integer"
},
"value": {
"type": "string"
}
},
"additionalProperties": false
}
},
"content_range": {
"type": "object",
"properties": {
"end": {
"type": "integer"
},
"raw": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
}
},
"additionalProperties": false
},
"http2": {
"type": "object",
"properties": {
"stream_id": {
"type": "integer"
},
"request": {
"type": "object",
"properties": {
"error_code": {
"type": "string"
},
"priority": {
"type": "integer"
},
"settings": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"settings_id": {
"type": "string"
},
"settings_value": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"error_code": {
"type": "string"
},
"settings": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"settings_id": {
"type": "string"
},
"settings_value": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ike": {
"type": "object",
"optional": true,
"properties": {
"alg_auth": {
"type": "string"
},
"alg_auth_raw": {
"type": "integer"
},
"alg_dh": {
"type": "string"
},
"alg_dh_raw": {
"type": "integer"
},
"alg_enc": {
"type": "string"
},
"alg_enc_raw": {
"type": "integer"
},
"alg_hash": {
"type": "string"
},
"alg_hash_raw": {
"type": "integer"
},
"exchange_type": {
"type": "integer"
},
"exchange_type_verbose": {
"type": "string"
},
"init_spi": {
"type": "string"
},
"message_id": {
"type": "integer"
},
"resp_spi": {
"type": "string"
},
"role": {
"type": "string"
},
"sa_key_length": {
"type": "string"
},
"sa_key_length_raw": {
"type": "integer"
},
"sa_life_duration": {
"type": "string"
},
"sa_life_duration_raw": {
"type": "integer"
},
"sa_life_type": {
"type": "string"
},
"sa_life_type_raw": {
"type": "integer"
},
"version_major": {
"type": "integer"
},
"version_minor": {
"type": "integer"
},
"payload": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"ikev1": {
"type": "object",
"properties": {
"doi": {
"type": "integer"
},
"encrypted_payloads": {
"type": "boolean"
},
"vendor_ids": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"client": {
"type": "object",
"properties": {
"key_exchange_payload": {
"type": "string"
},
"key_exchange_payload_length": {
"type": "integer"
},
"nonce_payload": {
"type": "string"
},
"nonce_payload_length": {
"type": "integer"
},
"proposals": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"alg_auth": {
"type": "string"
},
"alg_auth_raw": {
"type": "integer"
},
"alg_dh": {
"type": "string"
},
"alg_dh_raw": {
"type": "integer"
},
"alg_enc": {
"type": "string"
},
"alg_enc_raw": {
"type": "integer"
},
"alg_hash": {
"type": "string"
},
"alg_hash_raw": {
"type": "integer"
},
"sa_key_length": {
"type": "string"
},
"sa_key_length_raw": {
"type": "integer"
},
"sa_life_duration": {
"type": "string"
},
"sa_life_duration_raw": {
"type": "integer"
},
"sa_life_type": {
"type": "string"
},
"sa_life_type_raw": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"server": {
"type": "object",
"properties": {
"key_exchange_payload": {
"type": "string"
},
"key_exchange_payload_length": {
"type": "integer"
},
"nonce_payload": {
"type": "string"
},
"nonce_payload_length": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ikev2": {
"type": "object",
"properties": {
"errors": {
"type": "integer"
},
"notify": {
"type": "array"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"krb5": {
"type": "object",
"optional": true,
"properties": {
"cname": {
"type": "string"
},
"encryption": {
"type": "string"
},
"error_code": {
"type": "string"
},
"failed_request": {
"type": "string"
},
"msg_type": {
"type": "string"
},
"realm": {
"type": "string"
},
"sname": {
"type": "string"
},
"ticket_encryption": {
"type": "string"
},
"ticket_weak_encryption": {
"type": "boolean"
},
"weak_encryption": {
"type": "boolean"
}
},
"additionalProperties": false
},
"metadata": {
"type": "object",
"optional": true,
"properties": {
"flowbits": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"flowvars": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"gid": {
"type": "string"
},
"key": {
"type": "string"
},
"value": {
"type": "string"
}
},
"additionalProperties": true
}
},
"pktvars": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
}
},
"additionalProperties": false
}
},
"flowints": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"modbus": {
"type": "object",
"optional": true,
"properties": {
"id": {
"type": "integer"
},
"request": {
"type": "object",
"properties": {
"access_type": {
"type": "string"
},
"category": {
"type": "string"
},
"data": {
"type": "string"
},
"error_flags": {
"type": "string"
},
"function_code": {
"type": "string"
},
"function_raw": {
"type": "integer"
},
"protocol_id": {
"type": "integer"
},
"transaction_id": {
"type": "integer"
},
"unit_id": {
"type": "integer"
},
"diagnostic": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"mei": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"read": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"quantity": {
"type": "integer"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"data": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"access_type": {
"type": "string"
},
"category": {
"type": "string"
},
"data": {
"type": "string"
},
"error_flags": {
"type": "string"
},
"function_code": {
"type": "string"
},
"function_raw": {
"type": "integer"
},
"protocol_id": {
"type": "integer"
},
"transaction_id": {
"type": "integer"
},
"unit_id": {
"type": "integer"
},
"diagnostic": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"exception": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"read": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"data": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"mqtt": {
"type": "object",
"optional": true,
"properties": {
"connack": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"return_code": {
"type": "integer"
},
"session_present": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"connect": {
"type": "object",
"properties": {
"client_id": {
"type": "string"
},
"dup": {
"type": "boolean"
},
"password": {
"type": "string"
},
"protocol_string": {
"type": "string"
},
"protocol_version": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"username": {
"type": "string"
},
"flags": {
"type": "object",
"properties": {
"clean_session": {
"type": "boolean"
},
"password": {
"type": "boolean"
},
"username": {
"type": "boolean"
},
"will": {
"type": "boolean"
},
"will_retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"properties": {
"type": "object",
"additionalProperties": true
},
"will": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"topic": {
"type": "string"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"disconnect": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"pingreq": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pingresp": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"puback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pubcomp": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"publish": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message": {
"type": "string"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"skipped_length": {
"type": "integer"
},
"topic": {
"type": "string"
},
"truncated": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"pubrec": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pubrel": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"suback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"qos_granted": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"subscribe": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"topics": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"qos": {
"type": "integer"
},
"topic": {
"type": "string"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"unsuback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"reason_codes": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"unsubscribe": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"topics": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"netflow": {
"type": "object",
"optional": true,
"properties": {
"age": {
"type": "integer"
},
"bytes": {
"type": "integer"
},
"end": {
"type": "string"
},
"max_ttl": {
"type": "integer"
},
"min_ttl": {
"type": "integer"
},
"pkts": {
"type": "integer"
},
"start": {
"type": "string"
}
},
"additionalProperties": false
},
"nfs": {
"type": "object",
"optional": true,
"properties": {
"file_tx": {
"type": "boolean"
},
"filename": {
"type": "string"
},
"hhash": {
"type": "string"
},
"id": {
"type": "integer"
},
"procedure": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
},
"version": {
"type": "integer"
},
"read": {
"type": "object",
"optional": true,
"properties": {
"chunks": {
"type": "integer"
},
"first": {
"type": "boolean"
},
"last": {
"type": "boolean"
},
"last_xid": {
"type": "integer"
}
},
"additionalProperties": false
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"optional": true,
"properties": {
"chunks": {
"type": "integer"
},
"first": {
"type": "boolean"
},
"last": {
"type": "boolean"
},
"last_xid": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"packet_info": {
"type": "object",
"optional": true,
"properties": {
"linktype": {
"type": "integer"
}
},
"additionalProperties": false
},
"pgsql": {
"type": "object",
"optional": true,
"properties": {
"request": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"password": {
"type": "string"
},
"password_message": {
"type": "string"
},
"process_id": {
"type": "integer"
},
"protocol_version": {
"type": "string"
},
"sasl_authentication_mechanism": {
"type": "string"
},
"sasl_param": {
"type": "string"
},
"sasl_response": {
"type": "string"
},
"secret_key": {
"type": "integer"
},
"simple_query": {
"type": "string"
},
"startup_parameters": {
"type": "object",
"properties": {
"optional_parameters": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"application_name": {
"type": "string"
},
"client_encoding": {
"type": "string"
},
"database": {
"type": "string"
},
"datestyle": {
"type": "string"
},
"extra_float_digits": {
"type": "string"
},
"options": {
"type": "string"
},
"replication": {
"type": "string"
}
},
"additionalProperties": true
}
},
"user": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"authentication_md5_password": {
"type": "string"
},
"authentication_sasl_final": {
"type": "string"
},
"code": {
"type": "string"
},
"command_completed": {
"type": "string"
},
"data_rows": {
"type": "integer"
},
"data_size": {
"type": "integer"
},
"field_count": {
"type": "integer"
},
"file": {
"type": "string"
},
"line": {
"type": "string"
},
"message": {
"type": "string"
},
"parameter_status": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"application_name": {
"type": "string"
},
"client_encoding": {
"type": "string"
},
"date_style": {
"type": "string"
},
"integer_datetimes": {
"type": "string"
},
"interval_style": {
"type": "string"
},
"is_superuser": {
"type": "string"
},
"server_encoding": {
"type": "string"
},
"server_version": {
"type": "string"
},
"session_authorization": {
"type": "string"
},
"standard_conforming_strings": {
"type": "string"
},
"time_zone": {
"type": "string"
}
},
"additionalProperties": true
}
},
"process_id": {
"type": "integer"
},
"routine": {
"type": "string"
},
"secret_key": {
"type": "integer"
},
"severity_localizable": {
"type": "string"
},
"severity_non_localizable": {
"type": "string"
},
"ssl_accepted": {
"type": "boolean"
}
},
"additionalProperties": false
},
"tx_id": {
"type": "integer"
}
},
"additionalProperties": false
},
"quic": {
"type": "object",
"optional": true,
"properties": {
"cyu": {
"description":
"ja3-like fingerprint for versions of QUIC before standardization",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"hash": {
"description": "cyu hash hex representation",
"type": "string"
},
"string": {
"description": "cyu hash string representation",
"type": "string"
}
},
"additionalProperties": false
}
},
"extensions": {
"description": "list of extensions in hello",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"description": "human-friendly name of the extension",
"type": "string"
},
"type": {
"description": "integer identifier of the extension",
"type": "integer"
},
"values": {
"description": "extension values",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"ja3": {
"description": "ja3 from client, as in TLS",
"type": "object",
"optional": true,
"properties": {
"hash": {
"description": "ja3 hex representation",
"type": "string"
},
"string": {
"description": "ja3 string representation",
"type": "string"
}
},
"additionalProperties": false
},
"ja3s": {
"description": "ja3 from server, as in TLS",
"type": "object",
"optional": true,
"properties": {
"hash": {
"description": "ja3s hex representation",
"type": "string"
},
"string": {
"description": "ja3s string representation",
"type": "string"
}
},
"additionalProperties": false
},
"ja4": {
"type": "string"
},
"sni": {
"description": "Server Name Indication",
"type": "string"
},
"ua": {
"description": "User Agent for versions of QUIC before standardization",
"type": "string"
},
"version": {
"description": "QUIC protocol version",
"type": "string"
}
},
"additionalProperties": false
},
"rdp": {
"type": "object",
"optional": true,
"properties": {
"cookie": {
"type": "string"
},
"event_type": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"channels": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"client": {
"type": "object",
"properties": {
"build": {
"type": "string"
},
"client_name": {
"type": "string"
},
"color_depth": {
"type": "integer"
},
"desktop_height": {
"type": "integer"
},
"desktop_width": {
"type": "integer"
},
"function_keys": {
"type": "integer"
},
"id": {
"type": "string"
},
"keyboard_layout": {
"type": "string"
},
"keyboard_type": {
"type": "string"
},
"product_id": {
"type": "integer"
},
"version": {
"type": "string"
},
"capabilities": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"rfb": {
"type": "object",
"optional": true,
"properties": {
"screen_shared": {
"type": "boolean"
},
"authentication": {
"type": "object",
"properties": {
"security_result": {
"type": "string"
},
"security_type": {
"type": "integer"
},
"vnc": {
"type": "object",
"properties": {
"challenge": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"client_protocol_version": {
"type": "object",
"properties": {
"major": {
"type": "string"
},
"minor": {
"type": "string"
}
},
"additionalProperties": false
},
"framebuffer": {
"type": "object",
"properties": {
"height": {
"type": "integer"
},
"name": {
"type": "string"
},
"width": {
"type": "integer"
},
"pixel_format": {
"type": "object",
"properties": {
"big_endian": {
"type": "boolean"
},
"bits_per_pixel": {
"type": "integer"
},
"blue_max": {
"type": "integer"
},
"blue_shift": {
"type": "integer"
},
"depth": {
"type": "integer"
},
"green_max": {
"type": "integer"
},
"green_shift": {
"type": "integer"
},
"red_max": {
"type": "integer"
},
"red_shift": {
"type": "integer"
},
"true_color": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"server_protocol_version": {
"type": "object",
"properties": {
"major": {
"type": "string"
},
"minor": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"rpc": {
"type": "object",
"optional": true,
"properties": {
"auth_type": {
"type": "string"
},
"status": {
"type": "string"
},
"xid": {
"type": "integer"
},
"creds": {
"type": "object",
"optional": true,
"properties": {
"gid": {
"type": "integer"
},
"machine_name": {
"type": "string"
},
"uid": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"sip": {
"type": "object",
"optional": true,
"properties": {
"code": {
"type": "string"
},
"method": {
"type": "string"
},
"reason": {
"type": "string"
},
"request_line": {
"type": "string"
},
"response_line": {
"type": "string"
},
"uri": {
"type": "string"
},
"version": {
"type": "string"
},
"sdp": {
"type": "object",
"description": "SDP message body",
"optional": true,
"properties": {
"version": {
"type": "integer",
"description": "SDP protocol version"
},
"origin": {
"type": "string",
"description": "Owner of the session"
},
"session_name": {
"type": "string",
"description": "Session name"
},
"session_info": {
"type": "string",
"optional": true,
"description": "Textual information about the session"
},
"uri": {
"type": "string",
"optional": true,
"description": "A pointer to additional information about the session"
},
"email": {
"type": "string",
"optional": true,
"description":
"Email address for the person responsible for the conference"
},
"phone_number": {
"type": "string",
"optional": true,
"description":
"Phone number for the person responsible for the conference"
},
"connection_data": {
"type": "string",
"optional": true,
"description": "Connection data"
},
"bandwidths": {
"type": "array",
"optional": true,
"description": "Proposed bandwidths to be used by the session or media",
"minItems": 1,
"items": {
"type": "string"
}
},
"time": {
"type": "string",
"optional": true,
"description": "Start and stop times for a session"
},
"repeat_time": {
"type": "string",
"optional": true,
"description": "Specify repeat times for a session"
},
"timezone": {
"type": "string",
"optional": true,
"description":
"Timezone to specify adjustments for times and offsets from the base time"
},
"encryption_key": {
"type": "string",
"optional": true,
"description":
"Field used to convey encryption keys if SDP is used over a secure channel"
},
"attributes": {
"type": "array",
"optional": true,
"description": "A list of attributes to extend SDP",
"minItems": 1,
"items": {
"type": "string",
"description": "Attribute's name and value"
}
},
"media_descriptions": {
"type": "array",
"description": "A list of media descriptions for a session",
"minItems": 1,
"items": {
"type": "object",
"optional": true,
"properties": {
"media": {
"type": "string",
"description": "Media description"
},
"media_info": {
"type": "string",
"optional": true,
"description":
"Media information primarily intended for labelling media streams"
},
"bandwidths": {
"type": "array",
"optional": true,
"description": "A list of bandwidths proposed for a media description",
"minItems": 1,
"items": {
"type": "string"
}
},
"connection_data": {
"type": "string",
"optional": true,
"description": "Connection data per media description"
},
"attributes": {
"type": "array",
"description":
"A list of attributes specified for a media description",
"optional": true,
"minItems": 1,
"items": {
"type": "string",
"description": "Attribute's name and value"
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"smb": {
"type": "object",
"optional": true,
"properties": {
"access": {
"type": "string"
},
"accessed": {
"type": "integer"
},
"changed": {
"type": "integer"
},
"client_guid": {
"type": "string"
},
"command": {
"type": "string"
},
"created": {
"type": "integer"
},
"dialect": {
"type": "string"
},
"directory": {
"type": "string"
},
"disposition": {
"type": "string"
},
"filename": {
"type": "string"
},
"fuid": {
"type": "string"
},
"function": {
"type": "string"
},
"id": {
"type": "integer"
},
"level_of_interest": {
"type": "string"
},
"max_read_size": {
"type": "integer"
},
"max_write_size": {
"type": "integer"
},
"modified": {
"type": "integer"
},
"named_pipe": {
"type": "string"
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
},
"additionalProperties": false
},
"request_done": {
"type": "boolean"
},
"response_done": {
"type": "boolean"
},
"server_guid": {
"type": "string"
},
"session_id": {
"type": "integer"
},
"set_info": {
"type": "object",
"optional": true,
"properties": {
"class": {
"type": "string"
},
"info_level": {
"type": "string"
}
},
"additionalProperties": false
},
"share": {
"type": "string"
},
"share_type": {
"type": "string"
},
"size": {
"type": "integer"
},
"subcmd": {
"type": "string"
},
"status": {
"type": "string"
},
"status_code": {
"type": "string"
},
"tree_id": {
"type": "integer"
},
"client_dialects": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"set_info": {
"type": "object",
"optional": true,
"properties": {
"class": {
"type": "string"
},
"info_level": {
"type": "string"
}
}
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
}
},
"dcerpc": {
"type": "object",
"optional": true,
"properties": {
"call_id": {
"type": "integer"
},
"opnum": {
"type": "integer"
},
"request": {
"type": "string"
},
"response": {
"type": "string"
},
"interfaces": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"optional": true,
"properties": {
"ack_reason": {
"type": "integer"
},
"ack_result": {
"type": "integer"
},
"uuid": {
"type": "string"
},
"version": {
"type": "string"
}
},
"additionalProperties": false
}
},
"req": {
"type": "object",
"optional": true,
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
},
"res": {
"type": "object",
"optional": true,
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"kerberos": {
"type": "object",
"optional": true,
"properties": {
"realm": {
"type": "string"
},
"snames": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ntlmssp": {
"type": "object",
"optional": true,
"properties": {
"domain": {
"type": "string"
},
"host": {
"type": "string"
},
"user": {
"type": "string"
},
"version": {
"type": "string",
"optional": true
},
"warning": {
"type": "boolean"
}
},
"additionalProperties": false
},
"request": {
"type": "object",
"optional": true,
"properties": {
"native_lm": {
"type": "string"
},
"native_os": {
"type": "string"
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"optional": true,
"properties": {
"native_lm": {
"type": "string"
},
"native_os": {
"type": "string"
}
},
"additionalProperties": false
},
"service": {
"type": "object",
"optional": true,
"properties": {
"request": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"smtp": {
"type": "object",
"optional": true,
"properties": {
"helo": {
"type": "string"
},
"mail_from": {
"type": "string"
},
"rcpt_to": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"snmp": {
"type": "object",
"optional": true,
"properties": {
"community": {
"type": "string"
},
"pdu_type": {
"type": "string"
},
"usm": {
"type": "string"
},
"version": {
"type": "integer"
},
"vars": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ssh": {
"type": "object",
"optional": true,
"properties": {
"client": {
"type": "object",
"properties": {
"proto_version": {
"type": "string"
},
"software_version": {
"type": "string"
},
"hassh": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"server": {
"type": "object",
"properties": {
"proto_version": {
"type": "string"
},
"software_version": {
"type": "string"
},
"hassh": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"stats": {
"type": "object",
"optional": true,
"properties": {
"uptime": {
"description": "Suricata engine's uptime",
"type": "integer"
},
"capture": {
"type": "object",
"properties": {
"kernel_packets": {
"type": "integer"
},
"kernel_drops": {
"type": "integer"
},
"kernel_ifdrops": {
"type": "integer"
}
}
},
"app_layer": {
"type": "object",
"properties": {
"expectations": {
"description": "Expectation (dynamic parallel flow) counter",
"type": "integer"
},
"error": {
"type": "object",
"properties": {
"exception_policy": {
"description":
"Consolidated stats on how many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"bittorrent-dht": {
"description":
"Errors encountered parsing BitTorrent DHT protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dcerpc_tcp": {
"description": "Errors encountered parsing DCERPC/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dcerpc_udp": {
"description": "Errors encountered parsing DCERPC/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dhcp": {
"description": "Errors encountered parsing DHCP",
"$ref": "#/$defs/stats_applayer_error"
},
"dnp3": {
"description": "Errors encountered parsing DNP3",
"$ref": "#/$defs/stats_applayer_error"
},
"dns_tcp": {
"description": "Errors encountered parsing DNS/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dns_udp": {
"description": "Errors encountered parsing DNS/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"enip_tcp": {
"description": "Errors encountered parsing ENIP/TCP",
"$ref": "#/$defs/stats_applayer_error"
},
"enip_udp": {
"description": "Errors encountered parsing ENIP/UDP",
"$ref": "#/$defs/stats_applayer_error"
},
"failed_tcp": {
"description": "Errors encountered parsing TCP",
"$ref": "#/$defs/stats_applayer_error"
},
"ftp": {
"description": "Errors encountered parsing FTP",
"$ref": "#/$defs/stats_applayer_error"
},
"ftp-data": {
"description": "Errors encountered parsing FTP data",
"$ref": "#/$defs/stats_applayer_error"
},
"http": {
"description": "Errors encountered parsing HTTP",
"$ref": "#/$defs/stats_applayer_error"
},
"http2": {
"description": "Errors encountered parsing HTTP/2",
"$ref": "#/$defs/stats_applayer_error"
},
"ike": {
"description": "Errors encountered parsing IKE protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"imap": {
"description": "Errors encountered parsing IMAP",
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_tcp": {
"description":
"Errors encountered parsing Kerberos v5/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_udp": {
"description":
"Errors encountered parsing Kerberos v5/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"modbus": {
"description": "Errors encountered parsing Modbus protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"mqtt": {
"description": "Errors encountered parsing MQTT protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"nfs_tcp": {
"description": "Errors encountered parsing NFS/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"nfs_udp": {
"description": "Errors encountered parsing NFS/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"ntp": {
"description": "Errors encountered parsing NTP",
"$ref": "#/$defs/stats_applayer_error"
},
"pgsql": {
"description": "Errors encountered parsing PostgreSQL protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"pop3": {
"$ref": "#/$defs/stats_applayer_error"
},
"quic": {
"description": "Errors encountered parsing QUIC protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"rdp": {
"description": "Errors encountered parsing RDP",
"$ref": "#/$defs/stats_applayer_error"
},
"rfb": {
"description": "Errors encountered parsing RFB protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"sip_udp": {
"description": "Errors encountered parsing SIP/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"sip_tcp": {
"description": "Errors encountered parsing SIP/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"smb": {
"description": "Errors encountered parsing SMB protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"smtp": {
"description": "Errors encountered parsing SMTP",
"$ref": "#/$defs/stats_applayer_error"
},
"snmp": {
"description": "Errors encountered parsing SNMP",
"$ref": "#/$defs/stats_applayer_error"
},
"ssh": {
"description": "Errors encountered parsing SSH protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"telnet": {
"description": "Errors encountered parsing Telnet protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"tftp": {
"description": "Errors encountered parsing TFTP",
"$ref": "#/$defs/stats_applayer_error"
},
"tls": {
"description": "Errors encountered parsing TLS protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"websocket": {
"$ref": "#/$defs/stats_applayer_error"
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"bittorrent-dht": {
"description": "Number of flows for BitTorrent DHT protocol",
"type": "integer"
},
"dcerpc_tcp": {
"description": "Number of flows for DCERPC/TCP protocol",
"type": "integer"
},
"dcerpc_udp": {
"description": "Number of flows for DCERPC/UDP protocol",
"type": "integer"
},
"dhcp": {
"description": "Number of flows for DHCP",
"type": "integer"
},
"dnp3": {
"description": "Number of flows for DNP3",
"type": "integer"
},
"dns_tcp": {
"description": "Number of flows for DNS/TCP protocol",
"type": "integer"
},
"dns_udp": {
"description": "Number of flows for DNS/UDP protocol",
"type": "integer"
},
"enip_tcp": {
"description": "Number of flows for ENIP/TCP",
"type": "integer"
},
"enip_udp": {
"description": "Number of flows for ENIP/UDP",
"type": "integer"
},
"failed_tcp": {
"description": "Number of failed flows for TCP",
"type": "integer"
},
"failed_udp": {
"description": "Number of failed flows for UDP",
"type": "integer"
},
"ftp": {
"description": "Number of flows for FTP",
"type": "integer"
},
"ftp-data": {
"description": "Number of flows for FTP data protocol",
"type": "integer"
},
"http": {
"description": "Number of flows for HTTP",
"type": "integer"
},
"http2": {
"description": "Number of flows for HTTP/2",
"type": "integer"
},
"ike": {
"description": "Number of flows for IKE protocol",
"type": "integer"
},
"ikev2": {
"description": "Number of flows for IKE v2 protocol",
"type": "integer"
},
"imap": {
"description": "Number of flows for IMAP",
"type": "integer"
},
"krb5_tcp": {
"description": "Number of flows for Kerberos v5/TCP protocol",
"type": "integer"
},
"krb5_udp": {
"description": "Number of flows for Kerberos v5/UDP protocol",
"type": "integer"
},
"modbus": {
"description": "Number of flows for Modbus protocol",
"type": "integer"
},
"mqtt": {
"description": "Number of flows for MQTT protocol",
"type": "integer"
},
"nfs_tcp": {
"description": "Number of flows for NFS/TCP protocol",
"type": "integer"
},
"nfs_udp": {
"description": "Number of flows for NFS/UDP protocol",
"type": "integer"
},
"ntp": {
"description": "Number of flows for NTP",
"type": "integer"
},
"pgsql": {
"description": "Number of flows for PostgreSQL protocol",
"type": "integer"
},
"pop3": {
"type": "integer"
},
"quic": {
"description": "Number of flows for QUIC protocol",
"type": "integer"
},
"rdp": {
"description": "Number of flows for RDP",
"type": "integer"
},
"rfb": {
"description": "Number of flows for RFB protocol",
"type": "integer"
},
"sip_udp": {
"description": "Number of flows for SIP/UDP protocol",
"type": "integer"
},
"sip_tcp": {
"description": "Number of flows for SIP/TCP protocol",
"type": "integer"
},
"smb": {
"description": "Number of flows for SMB protocol",
"type": "integer"
},
"smtp": {
"description": "Number of flows for SMTP",
"type": "integer"
},
"snmp": {
"description": "Number of flows for SNMP",
"type": "integer"
},
"ssh": {
"description": "Number of flows for SSH protocol",
"type": "integer"
},
"telnet": {
"description": "Number of flows for Telnet protocol",
"type": "integer"
},
"tftp": {
"description": "Number of flows for TFTP",
"type": "integer"
},
"tls": {
"description": "Number of flows for TLS protocol",
"type": "integer"
},
"websocket": {
"type": "integer"
}
},
"additionalProperties": false
},
"tx": {
"type": "object",
"properties": {
"bittorrent-dht": {
"description":
"Number of transactions for BitTorrent DHT protocol",
"type": "integer"
},
"dcerpc_tcp": {
"description": "Number of transactions for DCERPC/TCP protocol",
"type": "integer"
},
"dcerpc_udp": {
"description": "Number of transactions for DCERPC/UDP protocol",
"type": "integer"
},
"dhcp": {
"description": "Number of transactions for DHCP",
"type": "integer"
},
"dnp3": {
"description": "Number of transactions for DNP3",
"type": "integer"
},
"dns_tcp": {
"description": "Number of transactions for DNS/TCP protocol",
"type": "integer"
},
"dns_udp": {
"description": "Number of transactions for DNS/UDP protocol",
"type": "integer"
},
"enip_tcp": {
"description": "Number of transactions for ENIP/TCP",
"type": "integer"
},
"enip_udp": {
"description": "Number of transactions for ENIP/UDP",
"type": "integer"
},
"ftp": {
"description": "Number of transactions for FTP",
"type": "integer"
},
"ftp-data": {
"description": "Number of transactions for FTP data protocol",
"type": "integer"
},
"http": {
"description": "Number of transactions for HTTP",
"type": "integer"
},
"http2": {
"description": "Number of transactions for HTTP/2",
"type": "integer"
},
"ike": {
"description": "Number of transactions for IKE protocol",
"type": "integer"
},
"ikev2": {
"description": "Number of transactions for IKE v2 protocol",
"type": "integer"
},
"imap": {
"description": "Number of transactions for IMAP",
"type": "integer"
},
"krb5_tcp": {
"description":
"Number of transactions for Kerberos v5/TCP protocol",
"type": "integer"
},
"krb5_udp": {
"description":
"Number of transactions for Kerberos v5/UDP protocol",
"type": "integer"
},
"modbus": {
"description": "Number of transactions for Modbus protocol",
"type": "integer"
},
"mqtt": {
"description": "Number of transactions for MQTT protocol",
"type": "integer"
},
"nfs_tcp": {
"description": "Number of transactions for NFS/TCP protocol",
"type": "integer"
},
"nfs_udp": {
"description": "Number of transactions for NFS/UDP protocol",
"type": "integer"
},
"ntp": {
"description": "Number of transactions for NTP",
"type": "integer"
},
"pgsql": {
"description": "Number of transactions for PostgreSQL protocol",
"type": "integer"
},
"pop3": {
"type": "integer"
},
"quic": {
"description": "Number of transactions for QUIC protocol",
"type": "integer"
},
"rdp": {
"description": "Number of transactions for RDP",
"type": "integer"
},
"rfb": {
"description": "Number of transactions for RFB protocol",
"type": "integer"
},
"sip_udp": {
"description": "Number of transactions for SIP/UDP protocol",
"type": "integer"
},
"sip_tcp": {
"description": "Number of transactions for SIP/TCP protocol",
"type": "integer"
},
"smb": {
"description": "Number of transactions for SMB protocol",
"type": "integer"
},
"smtp": {
"description": "Number of transactions for SMTP",
"type": "integer"
},
"snmp": {
"description": "Number of transactions for SNMP",
"type": "integer"
},
"ssh": {
"description": "Number of transactions for SSH protocol",
"type": "integer"
},
"telnet": {
"description": "Number of transactions for Telnet protocol",
"type": "integer"
},
"tftp": {
"description": "Number of transactions for TFTP",
"type": "integer"
},
"tls": {
"description": "Number of transactions for TLS protocol",
"type": "integer"
},
"websocket": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ips": {
"type": "object",
"properties": {
"accepted": {
"description": "Number of accepted packets",
"type": "integer"
},
"blocked": {
"description": "Number of blocked packets",
"type": "integer"
},
"rejected": {
"description": "Number of rejected packets",
"type": "integer"
},
"replaced": {
"description": "Number of replaced packets",
"type": "integer"
},
"drop_reason": {
"description": "Number of dropped packets, grouped by drop reason",
"type": "object",
"properties": {
"decode_error": {
"description":
"Number of packets dropped due to decoding errors",
"type": "integer"
},
"defrag_error": {
"description":
"Number of packets dropped due to defragmentation errors",
"type": "integer"
},
"defrag_memcap": {
"description":
"Number of packets dropped due to defrag memcap exception policy",
"type": "integer"
},
"flow_memcap": {
"description":
"Number of packets dropped due to flow memcap exception policy",
"type": "integer"
},
"flow_drop": {
"description": "Number of packets dropped due to dropped flows",
"type": "integer"
},
"applayer_error": {
"description":
"Number of packets dropped due to app-layer error exception policy",
"type": "integer"
},
"applayer_memcap": {
"description":
"Number of packets dropped due to applayer memcap",
"type": "integer"
},
"rules": {
"description": "Number of packets dropped due to rule actions",
"type": "integer"
},
"threshold_detection_filter": {
"description":
"Number of packets dropped due to threshold detection filter",
"type": "integer"
},
"stream_error": {
"description":
"Number of packets dropped due to invalid TCP stream",
"type": "integer"
},
"stream_memcap": {
"description":
"Number of packets dropped due to stream memcap exception policy",
"type": "integer"
},
"stream_midstream": {
"description":
"Number of packets dropped due to stream midstream exception policy",
"type": "integer"
},
"stream_reassembly": {
"description":
"Number of packets dropped due to stream reassembly exception policy",
"type": "integer"
},
"nfq_error": {
"description":
"Number of packets dropped due to no NFQ verdict",
"type": "integer"
},
"tunnel_packet_drop": {
"description":
"Number of packets dropped due to inner tunnel packet being dropped",
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"decoder": {
"type": "object",
"properties": {
"avg_pkt_size": {
"type": "integer"
},
"bytes": {
"type": "integer"
},
"chdlc": {
"type": "integer"
},
"erspan": {
"type": "integer"
},
"esp": {
"type": "integer"
},
"ethernet": {
"type": "integer"
},
"arp": {
"type": "integer"
},
"unknown_ethertype": {
"type": "integer"
},
"geneve": {
"type": "integer"
},
"gre": {
"type": "integer"
},
"icmpv4": {
"type": "integer"
},
"icmpv6": {
"type": "integer"
},
"ieee8021ah": {
"type": "integer"
},
"invalid": {
"type": "integer"
},
"ipv4": {
"type": "integer"
},
"ipv4_in_ipv6": {
"type": "integer"
},
"ipv6": {
"type": "integer"
},
"ipv6_in_ipv6": {
"type": "integer"
},
"max_mac_addrs_dst": {
"type": "integer"
},
"max_mac_addrs_src": {
"type": "integer"
},
"max_pkt_size": {
"type": "integer"
},
"mpls": {
"type": "integer"
},
"nsh": {
"type": "integer"
},
"null": {
"type": "integer"
},
"pkts": {
"type": "integer"
},
"ppp": {
"type": "integer"
},
"pppoe": {
"type": "integer"
},
"raw": {
"type": "integer"
},
"sctp": {
"type": "integer"
},
"sll": {
"type": "integer"
},
"tcp": {
"type": "integer"
},
"teredo": {
"type": "integer"
},
"too_many_layers": {
"type": "integer"
},
"udp": {
"type": "integer"
},
"vlan": {
"type": "integer"
},
"vlan_qinq": {
"type": "integer"
},
"vlan_qinqinq": {
"type": "integer"
},
"vntag": {
"type": "integer"
},
"vxlan": {
"type": "integer"
},
"event": {
"type": "object",
"properties": {
"arp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"unsupported_hardware": {
"type": "integer"
},
"unsupported_protocol": {
"type": "integer"
},
"unsupported_pkt": {
"type": "integer"
},
"invalid_hardware_size": {
"type": "integer"
},
"invalid_protocol_size": {
"type": "integer"
},
"unsupported_opcode": {
"type": "integer"
}
},
"additionalProperties": false
},
"chdlc": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"dce": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"erspan": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"too_many_vlan_layers": {
"type": "integer"
},
"unsupported_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"esp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"ethernet": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"geneve": {
"type": "object",
"properties": {
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"gre": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"version0_flags": {
"type": "integer"
},
"version0_hdr_too_big": {
"type": "integer"
},
"version0_malformed_sre_hdr": {
"type": "integer"
},
"version0_recur": {
"type": "integer"
},
"version1_chksum": {
"type": "integer"
},
"version1_flags": {
"type": "integer"
},
"version1_hdr_too_big": {
"type": "integer"
},
"version1_malformed_sre_hdr": {
"type": "integer"
},
"version1_no_key": {
"type": "integer"
},
"version1_recur": {
"type": "integer"
},
"version1_route": {
"type": "integer"
},
"version1_ssr": {
"type": "integer"
},
"version1_wrong_protocol": {
"type": "integer"
},
"wrong_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"icmpv4": {
"type": "object",
"properties": {
"ipv4_trunc_pkt": {
"type": "integer"
},
"ipv4_unknown_ver": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unknown_code": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"icmpv6": {
"type": "object",
"properties": {
"experimentation_type": {
"type": "integer"
},
"ipv6_trunc_pkt": {
"type": "integer"
},
"ipv6_unknown_version": {
"type": "integer"
},
"mld_message_with_invalid_hl": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unassigned_type": {
"type": "integer"
},
"unknown_code": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"ieee8021ah": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipraw": {
"type": "object",
"properties": {
"invalid_ip_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv4": {
"type": "object",
"properties": {
"frag_ignored": {
"type": "integer"
},
"frag_overlap": {
"type": "integer"
},
"frag_pkt_too_large": {
"type": "integer"
},
"hlen_too_small": {
"type": "integer"
},
"icmpv6": {
"type": "integer"
},
"iplen_smaller_than_hlen": {
"type": "integer"
},
"opt_duplicate": {
"type": "integer"
},
"opt_eol_required": {
"type": "integer"
},
"opt_invalid": {
"type": "integer"
},
"opt_invalid_len": {
"type": "integer"
},
"opt_malformed": {
"type": "integer"
},
"opt_pad_required": {
"type": "integer"
},
"opt_unknown": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"trunc_pkt": {
"type": "integer"
},
"wrong_ip_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv6": {
"type": "object",
"properties": {
"data_after_none_header": {
"type": "integer"
},
"dstopts_only_padding": {
"type": "integer"
},
"dstopts_unknown_opt": {
"type": "integer"
},
"exthdr_ah_res_not_null": {
"type": "integer"
},
"exthdr_dupl_ah": {
"type": "integer"
},
"exthdr_dupl_dh": {
"type": "integer"
},
"exthdr_dupl_eh": {
"type": "integer"
},
"exthdr_dupl_fh": {
"type": "integer"
},
"exthdr_dupl_hh": {
"type": "integer"
},
"exthdr_dupl_rh": {
"type": "integer"
},
"exthdr_invalid_optlen": {
"type": "integer"
},
"exthdr_useless_fh": {
"type": "integer"
},
"fh_non_zero_reserved_field": {
"type": "integer"
},
"frag_ignored": {
"type": "integer"
},
"frag_invalid_length": {
"type": "integer"
},
"frag_overlap": {
"type": "integer"
},
"frag_pkt_too_large": {
"type": "integer"
},
"hopopts_only_padding": {
"type": "integer"
},
"hopopts_unknown_opt": {
"type": "integer"
},
"icmpv4": {
"type": "integer"
},
"ipv4_in_ipv6_too_small": {
"type": "integer"
},
"ipv4_in_ipv6_wrong_version": {
"type": "integer"
},
"ipv6_in_ipv6_too_small": {
"type": "integer"
},
"ipv6_in_ipv6_wrong_version": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"rh_type_0": {
"type": "integer"
},
"trunc_exthdr": {
"type": "integer"
},
"trunc_pkt": {
"type": "integer"
},
"unknown_next_header": {
"type": "integer"
},
"wrong_ip_version": {
"type": "integer"
},
"zero_len_padn": {
"type": "integer"
}
},
"additionalProperties": false
},
"ltnull": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"unsupported_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"mpls": {
"type": "object",
"properties": {
"bad_label_implicit_null": {
"type": "integer"
},
"bad_label_reserved": {
"type": "integer"
},
"bad_label_router_alert": {
"type": "integer"
},
"header_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"nsh": {
"type": "object",
"properties": {
"bad_header_length": {
"type": "integer"
},
"header_too_small": {
"type": "integer"
},
"reserved_type": {
"type": "integer"
},
"unknown_payload": {
"type": "integer"
},
"unsupported_type": {
"type": "integer"
},
"unsupported_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ppp": {
"type": "object",
"properties": {
"ip4_pkt_too_small": {
"type": "integer"
},
"ip6_pkt_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unsup_proto": {
"type": "integer"
},
"vju_pkt_too_small": {
"type": "integer"
},
"wrong_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"pppoe": {
"type": "object",
"properties": {
"malformed_tags": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"wrong_code": {
"type": "integer"
}
},
"additionalProperties": false
},
"sctp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"sll": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"hlen_too_small": {
"type": "integer"
},
"invalid_optlen": {
"type": "integer"
},
"opt_duplicate": {
"type": "integer"
},
"opt_invalid_len": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"udp": {
"type": "object",
"properties": {
"hlen_invalid": {
"type": "integer"
},
"hlen_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"len_invalid": {
"type": "integer"
}
},
"additionalProperties": false
},
"vlan": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"too_many_layers": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"vntag": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"vxlan": {
"type": "object",
"properties": {
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"defrag": {
"type": "object",
"properties": {
"tracker_soft_reuse": {
"type": "integer",
"description":
"Finished tracker re-used from hash table before being moved to spare pool"
},
"tracker_hard_reuse": {
"type": "integer",
"description":
"Active tracker force closed before completion and reused for new tracker"
},
"max_trackers_reached": {
"type": "integer",
"description":
"How many times a packet wasn't reassembled due to max-trackers limit being reached"
},
"max_frags_reached": {
"type": "integer",
"description":
"How many times a fragment wasn't stored due to max-frags limit being reached"
},
"memuse": {
"type": "integer",
"description": "Current memory use."
},
"memcap_exception_policy": {
"description":
"How many times defrag memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"ipv4": {
"type": "object",
"properties": {
"fragments": {
"type": "integer"
},
"reassembled": {
"type": "integer"
},
"timeouts": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv6": {
"type": "object",
"properties": {
"fragments": {
"type": "integer"
},
"reassembled": {
"type": "integer"
},
"timeouts": {
"type": "integer"
}
},
"additionalProperties": false
},
"mgr": {
"type": "object",
"properties": {
"tracker_timeout": {
"type": "integer"
}
},
"additionalProperties": false
},
"wrk": {
"type": "object",
"properties": {
"tracker_timeout": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"detect": {
"type": "object",
"properties": {
"alert": {
"type": "integer"
},
"alert_queue_overflow": {
"type": "integer"
},
"alerts_suppressed": {
"type": "integer"
},
"lua": {
"type": "object",
"properties": {
"blocked_function_errors": {
"description":
"Count of Lua scripts failing due to blocked functions being called",
"type": "integer"
},
"instruction_limit_errors": {
"description":
"Count of Lua rules exceeding the instruction limit",
"type": "integer"
},
"memory_limit_errors": {
"description": "Count of Lua rules exceeding the memory limit",
"type": "integer"
},
"errors": {
"description": "Errors encountered while running Lua scripts",
"type": "integer"
}
},
"additionalProperties": false
},
"mpm_list": {
"type": "integer"
},
"nonmpm_list": {
"type": "integer"
},
"fnonmpm_list": {
"type": "integer"
},
"match_list": {
"type": "integer"
},
"engines": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"last_reload": {
"type": "string"
},
"rules_loaded": {
"type": "integer"
},
"rules_failed": {
"type": "integer"
},
"rules_skipped": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"file_store": {
"type": "object",
"properties": {
"fs_errors": {
"type": "integer"
},
"open_files": {
"type": "integer"
},
"open_files_max_hit": {
"type": "integer"
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"active": {
"type": "integer"
},
"emerg_mode_entered": {
"type": "integer"
},
"emerg_mode_over": {
"type": "integer"
},
"get_used": {
"type": "integer"
},
"get_used_eval": {
"type": "integer"
},
"get_used_eval_busy": {
"type": "integer"
},
"get_used_eval_reject": {
"type": "integer"
},
"get_used_failed": {
"type": "integer"
},
"icmpv4": {
"type": "integer"
},
"icmpv6": {
"type": "integer"
},
"memcap": {
"type": "integer"
},
"memcap_exception_policy": {
"description":
"How many times flow memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"memuse": {
"type": "integer"
},
"spare": {
"type": "integer"
},
"tcp": {
"type": "integer"
},
"tcp_reuse": {
"type": "integer"
},
"total": {
"type": "integer"
},
"udp": {
"type": "integer"
},
"end": {
"type": "object",
"properties": {
"state": {
"type": "object",
"properties": {
"new": {
"type": "integer"
},
"established": {
"type": "integer"
},
"closed": {
"type": "integer"
},
"local_bypassed": {
"type": "integer"
},
"capture_bypassed": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp_state": {
"type": "object",
"properties": {
"none": {
"type": "integer"
},
"syn_sent": {
"type": "integer"
},
"syn_recv": {
"type": "integer"
},
"established": {
"type": "integer"
},
"fin_wait1": {
"type": "integer"
},
"fin_wait2": {
"type": "integer"
},
"time_wait": {
"type": "integer"
},
"last_ack": {
"type": "integer"
},
"close_wait": {
"type": "integer"
},
"closing": {
"type": "integer"
},
"closed": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp_liberal": {
"type": "integer"
}
},
"additionalProperties": false
},
"mgr": {
"type": "object",
"properties": {
"flows_checked": {
"type": "integer"
},
"flows_evicted": {
"type": "integer"
},
"flows_evicted_needs_work": {
"type": "integer"
},
"flows_notimeout": {
"type": "integer"
},
"flows_timeout": {
"type": "integer"
},
"full_hash_pass": {
"type": "integer"
},
"rows_maxlen": {
"type": "integer"
},
"rows_per_sec": {
"type": "integer"
}
},
"additionalProperties": false
},
"recycler": {
"type": "object",
"properties": {
"recycled": {
"type": "integer"
},
"queue_avg": {
"type": "integer"
},
"queue_max": {
"type": "integer"
}
},
"additionalProperties": false
},
"wrk": {
"type": "object",
"properties": {
"flows_evicted": {
"type": "integer"
},
"flows_evicted_needs_work": {
"type": "integer"
},
"flows_evicted_pkt_inject": {
"type": "integer"
},
"flows_injected": {
"type": "integer"
},
"flows_injected_max": {
"type": "integer"
},
"spare_sync": {
"type": "integer"
},
"spare_sync_avg": {
"type": "integer"
},
"spare_sync_empty": {
"type": "integer"
},
"spare_sync_incomplete": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"flow_bypassed": {
"type": "object",
"properties": {
"bytes": {
"type": "integer"
},
"closed": {
"type": "integer"
},
"local_bytes": {
"type": "integer"
},
"local_capture_bytes": {
"type": "integer"
},
"local_capture_pkts": {
"type": "integer"
},
"local_pkts": {
"type": "integer"
},
"pkts": {
"type": "integer"
}
},
"additionalProperties": false
},
"flow_mgr": {
"type": "object",
"properties": {
"bypassed_pruned": {
"type": "integer"
},
"closed_pruned": {
"type": "integer"
},
"est_pruned": {
"type": "integer"
},
"flows_checked": {
"type": "integer"
},
"flows_notimeout": {
"type": "integer"
},
"flows_removed": {
"type": "integer"
},
"flows_timeout": {
"type": "integer"
},
"new_pruned": {
"type": "integer"
},
"rows_busy": {
"type": "integer"
},
"rows_checked": {
"type": "integer"
},
"rows_empty": {
"type": "integer"
},
"rows_maxlen": {
"type": "integer"
},
"rows_skipped": {
"type": "integer"
}
},
"additionalProperties": false
},
"memcap": {
"type": "object",
"properties": {
"pressure": {
"description":
"Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http",
"type": "integer"
},
"pressure_max": {
"description": "Maximum pressure seen by the engine",
"type": "integer"
}
},
"additionalProperties": false
},
"ftp": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
},
"http": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"ack_unseen_data": {
"type": "integer"
},
"active_sessions": {
"type": "integer"
},
"insert_data_normal_fail": {
"type": "integer"
},
"insert_data_overlap_fail": {
"type": "integer"
},
"insert_list_fail": {
"type": "integer"
},
"invalid_checksum": {
"type": "integer"
},
"memuse": {
"type": "integer"
},
"midstream_pickups": {
"type": "integer"
},
"midstream_exception_policy": {
"description":
"How many times midstream exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"no_flow": {
"type": "integer"
},
"overlap": {
"type": "integer"
},
"overlap_diff_data": {
"type": "integer"
},
"pkt_on_wrong_thread": {
"type": "integer"
},
"pseudo": {
"type": "integer"
},
"pseudo_failed": {
"type": "integer"
},
"reassembly_exception_policy": {
"description":
"How many times reassembly memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"reassembly_gap": {
"type": "integer"
},
"reassembly_memuse": {
"type": "integer"
},
"rst": {
"type": "integer"
},
"segment_memcap_drop": {
"type": "integer"
},
"segment_from_cache": {
"type": "integer"
},
"segment_from_pool": {
"type": "integer"
},
"sessions": {
"type": "integer"
},
"ssn_from_cache": {
"type": "integer"
},
"ssn_from_pool": {
"type": "integer"
},
"ssn_memcap_drop": {
"type": "integer"
},
"ssn_memcap_exception_policy": {
"description":
"How many times session memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"stream_depth_reached": {
"type": "integer"
},
"syn": {
"type": "integer"
},
"synack": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"ack": {
"type": "boolean"
},
"cwr": {
"type": "boolean"
},
"ecn": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"psh": {
"type": "boolean"
},
"rst": {
"type": "boolean"
},
"state": {
"type": "string"
},
"syn": {
"type": "boolean"
},
"tc_gap": {
"type": "boolean"
},
"tc_max_regions": {
"type": "integer"
},
"tcp_flags": {
"type": "string"
},
"tcp_flags_tc": {
"type": "string"
},
"tcp_flags_ts": {
"type": "string"
},
"ts_gap": {
"type": "boolean"
},
"ts_max_regions": {
"type": "integer"
},
"urg": {
"type": "boolean"
}
},
"additionalProperties": true
},
"template": {
"type": "object",
"properties": {
"request": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
},
"tftp": {
"type": "object",
"properties": {
"file": {
"type": "string"
},
"mode": {
"type": "string"
},
"packet": {
"type": "string"
}
},
"additionalProperties": false
},
"tls": {
"type": "object",
"properties": {
"client": {
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"issuerdn": {
"type": "string"
},
"subjectaltname": {
"description": "TLS Subject Alternative Name field",
"type": "array",
"items": {
"type": "string"
}
},
"notafter": {
"$ref": "#/$defs/tls_date"
},
"notbefore": {
"$ref": "#/$defs/tls_date"
},
"serial": {
"type": "string"
},
"subject": {
"type": "string"
}
},
"additionalProperties": false
},
"fingerprint": {
"type": "string"
},
"from_proto": {
"type": "string"
},
"issuerdn": {
"type": "string"
},
"subjectaltname": {
"description": "TLS Subject Alternative Name field",
"type": "array",
"items": {
"type": "string"
}
},
"notafter": {
"$ref": "#/$defs/tls_date"
},
"notbefore": {
"$ref": "#/$defs/tls_date"
},
"serial": {
"type": "string"
},
"session_resumed": {
"type": "boolean"
},
"sni": {
"type": "string"
},
"subject": {
"type": "string"
},
"version": {
"type": "string"
},
"ja3": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
},
"ja3s": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
},
"ja4": {
"type": "string"
}
},
"additionalProperties": false
},
"traffic": {
"type": "object",
"properties": {
"id": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"label": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"tunnel": {
"type": "object",
"properties": {
"depth": {
"type": "integer"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"pcap_cnt": {
"type": "integer"
},
"pkt_src": {
"type": "string"
},
"proto": {
"type": "string"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
}
},
"additionalProperties": false
},
"websocket": {
"type": "object",
"properties": {
"fin": {
"type": "boolean"
},
"mask": {
"type": "integer"
},
"opcode": {
"type": "string"
},
"payload_base64": {
"type": "string"
},
"payload_printable": {
"type": "string"
}
},
"additionalProperties": false
}
},
"$defs": {
"dns.authorities": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"rdata": {
"type": "string"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"ttl": {
"type": "integer"
},
"soa": {
"type": "object",
"properties": {
"expire": {
"type": "integer"
},
"minimum": {
"type": "integer"
},
"mname": {
"type": "string"
},
"refresh": {
"type": "integer"
},
"retry": {
"type": "integer"
},
"rname": {
"type": "string"
},
"serial": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"stats_applayer_error": {
"type": "object",
"properties": {
"gap": {
"description": "Number of errors processing gaps",
"type": "integer"
},
"alloc": {
"description": "Number of errors allocating memory",
"type": "integer"
},
"parser": {
"description": "Number of errors reported by parser",
"type": "integer"
},
"internal": {
"description": "Number of internal parser errors",
"type": "integer"
},
"exception_policy": {
"description":
"How many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
}
},
"additionalProperties": false
},
"tls_date": {
"$comment": "Definition for TLS date formats",
"type": "string",
"pattern": "^[1-2]\\d{3}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$"
},
"verdict_type": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"reject": {
"type": "array",
"items": {
"type": "string",
"oneOf": [
{
"enum": [
"icmp-prohib",
"tcp-reset"
]
}
]
}
},
"reject-target": {
"type": "string",
"oneOf": [
{
"enum": [
"to_client",
"to_server",
"both"
]
}
]
}
}
},
"exceptionPolicy": {
"type": "object",
"properties": {
"drop_flow": {
"type": "integer",
"minimum": 0
},
"drop_packet": {
"type": "integer",
"minimum": 0
},
"pass_flow": {
"type": "integer",
"minimum": 0
},
"pass_packet": {
"type": "integer",
"minimum": 0
},
"bypass": {
"type": "integer",
"minimum": 0
},
"reject": {
"type": "integer",
"minimum": 0
}
}
}
}
}