suricata/etc/schema.json


{
"type": "object",
"additionalProperties": false,
"required": [
"event_type",
"timestamp"
],
"properties": {
"app_proto": {
"type": "string"
},
"app_proto_expected": {
"type": "string"
},
"app_proto_orig": {
"type": "string"
},
"app_proto_tc": {
"type": "string"
},
"app_proto_ts": {
"type": "string"
},
"capture_file": {
"type": "string"
},
"community_id": {
"type": "string"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"event_type": {
"type": "string"
},
"flow_id": {
"type": "integer"
},
"host": {
"$comment":
"May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
"description": "the sensor-name, if configured",
"type": "string"
},
"icmp_code": {
"type": "integer"
},
"icmp_type": {
"type": "integer"
},
"in_iface": {
"type": "string"
},
"log_level": {
"type": "string"
},
"packet": {
"type": "string"
},
"parent_id": {
"type": "integer"
},
"payload": {
"type": "string"
},
"payload_length": {
"type": "integer"
},
"payload_printable": {
"type": "string"
},
"pcap_cnt": {
"type": "integer"
},
"pcap_filename": {
"type": "string"
},
"pkt_src": {
"type": "string"
},
"proto": {
"type": "string"
},
"response_icmp_code": {
"type": "integer"
},
"response_icmp_type": {
"type": "integer"
},
"spi": {
"type": "integer"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
},
"stream": {
"type": "integer"
},
"timestamp": {
"type": "string",
"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$"
},
"verdict": {
"$ref": "#/$defs/verdict_type"
},
"direction": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"tx_guessed": {
"description":
"the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect",
"type": "boolean"
},
"files": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"end": {
"type": "integer"
},
"filename": {
"type": "string"
},
"file_id": {
"type": "integer"
},
"gaps": {
"type": "boolean"
},
"magic": {
"type": "string"
},
"md5": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
},
"state": {
"type": "string"
},
"stored": {
"type": "boolean"
},
"storing": {
"description": "the file is set to be stored when completed",
"type": "boolean"
},
"tx_id": {
"type": "integer"
},
"sid": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
}
}
},
"vlan": {
"type": "array",
"minItems": 1,
"items": {
"type": "number"
}
},
"alert": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"category": {
"type": "string"
},
"gid": {
"type": "integer"
},
"rev": {
"type": "integer"
},
"rule": {
"type": "string"
},
"severity": {
"type": "integer"
},
"signature": {
"type": "string"
},
"signature_id": {
"type": "integer"
},
"xff": {
"type": "string"
},
"metadata": {
"type": "object",
"properties": {
"affected_product": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"attack_target": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"created_at": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"deployment": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"former_category": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"malware_family": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"policy": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"signature_severity": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"tag": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"updated_at": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": true
},
"references": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"source": {
"type": "object",
"properties": {
"ip": {
"type": "string"
},
"port": {
"type": "integer"
}
},
"additionalProperties": false
},
"target": {
"type": "object",
"properties": {
"ip": {
"type": "string"
},
"port": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"stream_tcp": {
"type": "object",
"additionalProperties": true
},
"anomaly": {
"type": "object",
"properties": {
"app_proto": {
"type": "string"
},
"event": {
"type": "string"
},
"layer": {
"type": "string"
},
"type": {
"type": "string"
},
"code": {
"type": "integer"
}
},
"additionalProperties": false
},
"arp": {
"type": "object",
"optional": true,
"properties": {
"hw_type": {
"type": "string",
"description": "Network link protocol type"
},
"proto_type": {
"type": "string",
"description": "Internetwork protocol for which the ARP request is intended"
},
"opcode": {
"type": "string",
"description": "Specifies the operation that the sender is performing"
},
"src_mac": {
"type": "string",
"description": "Physical address of the sender"
},
"src_ip": {
"type": "string",
"description": "Logical address of the sender"
},
"dest_mac": {
"type": "string",
"description": "Physical address of the intended receiver"
},
"dest_ip": {
"type": "string",
"description": "Logical address of the intended receiver"
}
},
"additionalProperties": false
},
"bittorrent_dht": {
"type": "object",
"properties": {
"transaction_id": {
"type": "string"
},
"client_version": {
"type": "string"
},
"request_type": {
"type": "string"
},
"request": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"target": {
"type": "string"
},
"implied_port": {
"type": "integer"
},
"info_hash": {
"type": "string"
},
"port": {
"type": "integer"
},
"token": {
"type": "string"
}
}
},
"response": {
"type": "object",
"additionalProperties": false,
"required": [
"id"
],
"properties": {
"id": {
"type": "string"
},
"nodes": {
"type": "array",
"items": {
"type": "object",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"ip",
"port"
],
"properties": {
"id": {
"type": "string"
},
"ip": {
"type": "string"
},
"port": {
"type": "number"
}
}
}
}
},
"nodes6": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"id",
"ip",
"port"
],
"properties": {
"id": {
"type": "string"
},
"ip": {
"type": "string"
},
"port": {
"type": "number"
}
}
}
},
"token": {
"type": "string"
},
"values": {
"type": "array",
"items": {
"type": "object"
}
}
}
},
"error": {
"type": "object",
"additionalProperties": false,
"properties": {
"num": {
"type": "integer"
},
"msg": {
"type": "string"
}
}
}
},
"additionalProperties": false
},
"dcerpc": {
"type": "object",
"properties": {
"activityuuid": {
"type": "string"
},
"call_id": {
"type": "integer"
},
"request": {
"type": "string"
},
"response": {
"type": "string"
},
"rpc_version": {
"type": "string"
},
"seqnum": {
"type": "integer"
},
"interfaces": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"ack_result": {
"type": "integer"
},
"uuid": {
"type": "string",
"suricata": {
"keywords": [
"dcerpc.iface"
]
}
},
"version": {
"type": "string",
"suricata": {
"keywords": [
"dcerpc.iface"
]
}
}
},
"additionalProperties": false
}
},
"req": {
"type": "object",
"properties": {
"frag_cnt": {
"type": "integer"
},
"opnum": {
"type": "integer",
"suricata": {
"keywords": [
"dcerpc.opnum"
]
}
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
},
"res": {
"type": "object",
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"dhcp": {
"type": "object",
"properties": {
"assigned_ip": {
"type": "string"
},
"client_id": {
"type": "string"
},
"client_ip": {
"type": "string"
},
"client_mac": {
"type": "string"
},
"dhcp_type": {
"type": "string"
},
"hostname": {
"type": "string"
},
"id": {
"type": "integer"
},
"lease_time": {
"type": "integer"
},
"next_server_ip": {
"type": "string"
},
"rebinding_time": {
"type": "integer"
},
"relay_ip": {
"type": "string"
},
"renewal_time": {
"type": "integer"
},
"requested_ip": {
"type": "string"
},
"subnet_mask": {
"type": "string"
},
"type": {
"type": "string"
},
"vendor_class_identifier": {
"type": "string"
},
"dns_servers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"params": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"routers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"dnp3": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
},
"iin": {
"type": "object",
"properties": {
"indicators": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"request": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"dst": {
"type": "integer"
},
"src": {
"type": "integer"
},
"type": {
"type": "string"
},
"application": {
"type": "object",
"properties": {
"complete": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"objects": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"count": {
"type": "integer"
},
"group": {
"type": "integer"
},
"prefix_code": {
"type": "integer"
},
"qualifier": {
"type": "integer"
},
"range_code": {
"type": "integer"
},
"start": {
"type": "integer"
},
"stop": {
"type": "integer"
},
"variation": {
"type": "integer"
},
"points": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": true
}
}
},
"additionalProperties": false
}
},
"control": {
"type": "object",
"properties": {
"con": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"fir": {
"type": "boolean"
},
"sequence": {
"type": "integer"
},
"uns": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"control": {
"type": "object",
"properties": {
"dir": {
"type": "boolean"
},
"fcb": {
"type": "boolean"
},
"fcv": {
"type": "boolean"
},
"function_code": {
"type": "integer"
},
"pri": {
"type": "boolean"
}
},
"additionalProperties": false
},
"iin": {
"type": "object",
"properties": {
"indicators": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"dns": {
"type": "object",
"required": [
"version"
],
"properties": {
"aa": {
"type": "boolean"
},
"flags": {
"type": "string"
},
"id": {
"type": "integer"
},
"qr": {
"type": "boolean"
},
"ra": {
"type": "boolean"
},
"rcode": {
"type": "string",
"suricata": {
"keywords": [
"dns.rcode"
]
}
},
"rd": {
"type": "boolean"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"type": {
"type": "string"
},
"version": {
"description": "The version of this EVE DNS event",
"type": "integer",
"suricata": {
"keywords": false
}
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
},
"tc": {
"description": "DNS truncation flag",
"type": "boolean"
},
"answers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"rdata": {
"type": "string",
"suricata": {
"keywords": [
"dns.response.rrname"
]
}
},
"rrname": {
"type": "string",
"suricata": {
"keywords": [
"dns.answers.rrname",
"dns.response.rrname"
]
}
},
"rrtype": {
"type": "string"
},
"ttl": {
"type": "integer"
},
"soa": {
"$ref": "#/$defs/dns.soa"
},
"srv": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"priority": {
"type": "integer"
},
"weight": {
"type": "integer"
}
},
"additionalProperties": false
},
"sshfp": {
"description":
"A Secure Shell fingerprint, used to verify the system's authenticity",
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"authorities": {
"$ref": "#/$defs/dns.authorities"
},
"additionals": {
"$ref": "#/$defs/dns.additionals"
},
"query": {
"$comment":
"EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"type": {
"type": "string"
},
"z": {
"type": "boolean"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
}
},
"additionalProperties": false
}
},
"queries": {
"$comment": "EVE DNS v3 style query logging.",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"rrname": {
"type": "string",
"suricata": {
"keywords": [
"dns.queries.rrname",
"dns.query"
]
}
},
"rrtype": {
"type": "string",
"suricata": {
"keywords": [
"dns.rrtype"
]
}
},
"tx_id": {
"type": "integer"
},
"type": {
"type": "string"
},
"z": {
"type": "boolean"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer",
"suricata": {
"keywords": [
"dns.opcode"
]
}
},
"rrname_truncated": {
"description":
"Set to true if the rrname was too long and truncated by Suricata",
"type": "boolean"
}
},
"additionalProperties": false
}
},
"answer": {
"type": "object",
"properties": {
"flags": {
"type": "string"
},
"id": {
"type": "integer"
},
"qr": {
"type": "boolean"
},
"ra": {
"type": "boolean"
},
"rcode": {
"type": "string"
},
"rd": {
"type": "boolean"
},
"rrname": {
"type": "string"
},
"rrtype": {
"type": "string"
},
"type": {
"type": "string"
},
"version": {
"type": "integer"
},
"opcode": {
"description": "DNS opcode as an integer",
"type": "integer"
},
"authorities": {
"$ref": "#/$defs/dns.authorities"
},
"additionals": {
"$ref": "#/$defs/dns.additionals"
}
},
"additionalProperties": false
},
"grouped": {
"description":
"DNS fields grouped by type: alternative format, no direct keywords",
"type": "object",
"suricata": {
"keywords": false
},
"properties": {
"A": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"AAAA": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"CNAME": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"MX": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"NS": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"NULL": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"PTR": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"SOA": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/dns.soa"
}
},
"SRV": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"priority": {
"type": "integer"
},
"weight": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"TXT": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"SSHFP": {
"description":
"A Secure Shell fingerprint is used to verify the system's authenticity",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"z": {
"type": "boolean"
}
},
"additionalProperties": false
},
"drop": {
"type": "object",
"suricata": {
"keywords": false
},
"properties": {
"ack": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"flowlbl": {
"type": "integer"
},
"hoplimit": {
"type": "integer"
},
"tc": {
"type": "integer"
},
"icmp_id": {
"type": "integer"
},
"icmp_seq": {
"type": "integer"
},
"ipid": {
"type": "integer"
},
"len": {
"type": "integer"
},
"psh": {
"type": "boolean"
},
"rst": {
"type": "boolean"
},
"syn": {
"type": "boolean"
},
"tcpack": {
"type": "integer"
},
"tcpres": {
"type": "integer"
},
"tcpseq": {
"type": "integer"
},
"tcpurgp": {
"type": "integer"
},
"tcpwin": {
"type": "integer"
},
"tos": {
"type": "integer"
},
"ttl": {
"type": "integer"
},
"udplen": {
"type": "integer"
},
"urg": {
"type": "boolean"
},
"reason": {
"type": "string"
},
"verdict": {
"$ref": "#/$defs/verdict_type"
}
},
"additionalProperties": false
},
"email": {
"type": "object",
"properties": {
"body_md5": {
"type": "string"
},
"cc": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"date": {
"type": "string"
},
"from": {
"type": "string"
},
"has_exe_url": {
"type": "boolean"
},
"has_ipv4_url": {
"type": "boolean"
},
"has_ipv6_url": {
"type": "boolean"
},
"received": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"status": {
"type": "string"
},
"subject": {
"type": "string"
},
"subject_md5": {
"type": "string"
},
"to": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"url": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"x_mailer": {
"type": "string"
},
"attachment": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"message_id": {
"type": "string"
}
},
"additionalProperties": false
},
"engine": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"error_code": {
"type": "integer"
},
"message": {
"type": "string"
},
"thread_name": {
"type": "string"
},
"module": {
"type": "string"
}
},
"additionalProperties": false
},
"enip": {
"type": "object",
"properties": {
"request": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"status": {
"type": "string"
},
"register_session": {
"type": "object",
"properties": {
"protocol_version": {
"type": "integer"
},
"options": {
"type": "integer"
}
},
"additionalProperties": false
},
"cip": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"path": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"segment_type": {
"type": "string"
},
"value": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"class_name": {
"type": "string"
},
"multiple": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"path": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"segment_type": {
"type": "string"
},
"value": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"class_name": {
"type": "string"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"status": {
"type": "string"
},
"register_session": {
"type": "object",
"properties": {
"protocol_version": {
"type": "integer"
},
"options": {
"type": "integer"
}
},
"additionalProperties": false
},
"list_services": {
"type": "object",
"properties": {
"protocol_version": {
"type": "integer"
},
"capabilities": {
"type": "integer"
},
"service_name": {
"type": "string"
}
},
"additionalProperties": false
},
"identity": {
"type": "object",
"properties": {
"protocol_version": {
"type": "integer"
},
"revision": {
"type": "string"
},
"vendor_id": {
"type": "string"
},
"device_type": {
"type": "string"
},
"product_code": {
"type": "integer"
},
"status": {
"type": "integer"
},
"serial": {
"type": "integer"
},
"product_name": {
"type": "string"
},
"state": {
"type": "integer"
}
},
"additionalProperties": false
},
"cip": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"status": {
"type": "string"
},
"status_extended": {
"type": "string"
},
"status_extended_meaning": {
"type": "string"
},
"multiple": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"status": {
"type": "string"
},
"status_extended": {
"type": "string"
},
"status_extended_meaning": {
"type": "string"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ether": {
"type": "object",
"properties": {
"dest_mac": {
"type": "string"
},
"src_mac": {
"type": "string"
},
"ether_type": {
"type": "integer",
"description": "Ethernet type value"
},
"dest_macs": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"src_macs": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"fileinfo": {
"type": "object",
"properties": {
"end": {
"type": "integer"
},
"file_id": {
"type": "integer"
},
"filename": {
"type": "string"
},
"gaps": {
"type": "boolean"
},
"magic": {
"type": "string"
},
"md5": {
"type": "string"
},
"sha1": {
"type": "string"
},
"sha256": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
},
"state": {
"type": "string"
},
"stored": {
"type": "boolean"
},
"storing": {
"description": "the file is set to be stored when completed",
"type": "boolean"
},
"tx_id": {
"type": "integer"
},
"sid": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"age": {
"type": "integer"
},
"alerted": {
"type": "boolean"
},
"bypass": {
"type": "string"
},
"bypassed": {
"type": "object",
"properties": {
"pkts_toserver": {
"type": "integer"
},
"pkts_toclient": {
"type": "integer"
},
"bytes_toserver": {
"type": "integer"
},
"bytes_toclient": {
"type": "integer"
}
},
"additionalProperties": false
},
"bytes_toclient": {
"type": "integer"
},
"bytes_toserver": {
"type": "integer"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"emergency": {
"type": "boolean"
},
"end": {
"type": "string"
},
"exception_policy": {
"description": "The exception policy(ies) triggered by the flow. Not logged if none was triggered",
"type": "array",
"properties": {
"target": {
"description": "What triggered the exception",
"type": "string"
},
"policy": {
"description": "Which exception policy was applied",
"type": "string"
}
}
},
"pkts_toclient": {
"type": "integer"
},
"pkts_toserver": {
"type": "integer"
},
"reason": {
"type": "string"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
},
"start": {
"type": "string"
},
"state": {
"type": "string"
},
"wrong_thread": {
"type": "boolean"
}
},
"additionalProperties": false
},
"frame": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"id": {
"type": "integer"
},
"direction": {
"type": "string"
},
"stream_offset": {
"type": "integer"
},
"length": {
"type": "integer"
},
"complete": {
"type": "boolean"
},
"payload": {
"type": "string"
},
"payload_printable": {
"type": "string"
},
"tx_id": {
"type": "integer"
}
},
"additionalProperties": false
},
"ftp": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"command_data": {
"type": "string"
},
"command_truncated": {
"type": "boolean"
},
"dynamic_port": {
"type": "integer"
},
"mode": {
"type": "string"
},
"reply_received": {
"type": "string"
},
"reply_truncated": {
"type": "boolean"
},
"completion_code": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"reply": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ftp_data": {
"type": "object",
"properties": {
"command": {
"type": "string"
},
"filename": {
"type": "string"
}
},
"additionalProperties": false
},
"http": {
"type": "object",
"properties": {
"hostname": {
"type": "string"
},
"http_content_type": {
"type": "string"
},
"http_method": {
"type": "string"
},
"http_port": {
"type": "integer"
},
"http_refer": {
"type": "string"
},
"http_response_body": {
"type": "string"
},
"http_response_body_printable": {
"type": "string"
},
"http_user_agent": {
"type": "string"
},
"length": {
"type": "integer"
},
"org_src_ip": {
"type": "string"
},
"protocol": {
"type": "string"
},
"redirect": {
"type": "string"
},
"status": {
"type": "integer"
},
"status_string": {
"description": "status string when it is not a valid integer (like 2XX)",
"type": "string"
},
"true_client_ip": {
"type": "string"
},
"url": {
"type": "string"
},
"version": {
"type": "string"
},
"x_bluecoat_via": {
"type": "string"
},
"xff": {
"type": "string"
},
"request_headers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"table_size_update": {
"type": "integer"
},
"value": {
"type": "string"
}
},
"additionalProperties": false
}
},
"response_headers": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"table_size_update": {
"type": "integer"
},
"value": {
"type": "string"
}
},
"additionalProperties": false
}
},
"content_range": {
"type": "object",
"properties": {
"end": {
"type": "integer"
},
"raw": {
"type": "string"
},
"size": {
"type": "integer"
},
"start": {
"type": "integer"
}
},
"additionalProperties": false
},
"http2": {
"type": "object",
"properties": {
"stream_id": {
"type": "integer"
},
"request": {
"type": "object",
"properties": {
"error_code": {
"type": "string"
},
"priority": {
"type": "integer"
},
"has_multiple": {
"type": "string"
},
"settings": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"settings_id": {
"type": "string"
},
"settings_value": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"error_code": {
"type": "string"
},
"has_multiple": {
"type": "string"
},
"settings": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"settings_id": {
"type": "string"
},
"settings_value": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ike": {
"type": "object",
"optional": true,
"properties": {
"alg_auth": {
"type": "string"
},
"alg_auth_raw": {
"type": "integer"
},
"alg_dh": {
"type": "string"
},
"alg_dh_raw": {
"type": "integer"
},
"alg_enc": {
"type": "string"
},
"alg_enc_raw": {
"type": "integer"
},
"alg_hash": {
"type": "string"
},
"alg_hash_raw": {
"type": "integer"
},
"exchange_type": {
"type": "integer"
},
"exchange_type_verbose": {
"type": "string"
},
"init_spi": {
"type": "string"
},
"message_id": {
"type": "integer"
},
"resp_spi": {
"type": "string"
},
"role": {
"type": "string"
},
"sa_key_length": {
"type": "string"
},
"sa_key_length_raw": {
"type": "integer"
},
"sa_life_duration": {
"type": "string"
},
"sa_life_duration_raw": {
"type": "integer"
},
"sa_life_type": {
"type": "string"
},
"sa_life_type_raw": {
"type": "integer"
},
"version_major": {
"type": "integer"
},
"version_minor": {
"type": "integer"
},
"payload": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"ikev1": {
"type": "object",
"properties": {
"doi": {
"type": "integer"
},
"encrypted_payloads": {
"type": "boolean"
},
"vendor_ids": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"client": {
"type": "object",
"properties": {
"key_exchange_payload": {
"type": "string"
},
"key_exchange_payload_length": {
"type": "integer"
},
"nonce_payload": {
"type": "string"
},
"nonce_payload_length": {
"type": "integer"
},
"proposals": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"alg_auth": {
"type": "string"
},
"alg_auth_raw": {
"type": "integer"
},
"alg_dh": {
"type": "string"
},
"alg_dh_raw": {
"type": "integer"
},
"alg_enc": {
"type": "string"
},
"alg_enc_raw": {
"type": "integer"
},
"alg_hash": {
"type": "string"
},
"alg_hash_raw": {
"type": "integer"
},
"sa_key_length": {
"type": "string"
},
"sa_key_length_raw": {
"type": "integer"
},
"sa_life_duration": {
"type": "string"
},
"sa_life_duration_raw": {
"type": "integer"
},
"sa_life_type": {
"type": "string"
},
"sa_life_type_raw": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"server": {
"type": "object",
"properties": {
"key_exchange_payload": {
"type": "string"
},
"key_exchange_payload_length": {
"type": "integer"
},
"nonce_payload": {
"type": "string"
},
"nonce_payload_length": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ikev2": {
"type": "object",
"properties": {
"errors": {
"type": "integer"
},
"notify": {
"type": "array"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"krb5": {
"type": "object",
"optional": true,
"properties": {
"cname": {
"type": "string"
},
"encryption": {
"type": "string"
},
"error_code": {
"type": "string"
},
"failed_request": {
"type": "string"
},
"msg_type": {
"type": "string"
},
"realm": {
"type": "string"
},
"sname": {
"type": "string"
},
"ticket_encryption": {
"type": "string"
},
"ticket_weak_encryption": {
"type": "boolean"
},
"weak_encryption": {
"type": "boolean"
}
},
"additionalProperties": false
},
"ldap": {
"type": "object",
"optional": true,
"properties": {
"request": {
"type": "object",
"properties": {
"operation": {
"type": "string"
},
"message_id": {
"type": "integer"
},
"search_request": {
"type": "object",
"optional": "true",
"properties": {
"base_object": {
"type": "string"
},
"scope": {
"type": "integer"
},
"deref_alias": {
"type": "integer"
},
"size_limit": {
"type": "integer"
},
"time_limit": {
"type": "integer"
},
"types_online": {
"type": "boolean"
},
"attributes": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
},
"bind_request": {
"type": "object",
"optional": "true",
"properties": {
"version": {
"type": "integer"
},
"name": {
"type": "string"
},
"sasl": {
"type": "object",
"optional": "true",
"properties": {
"mechanism": {
"type": "string"
},
"credentials": {
"type": "string",
"optional": "true"
}
}
}
}
},
"modify_request": {
"type": "object",
"optional": "true",
"properties": {
"object": {
"type": "string"
},
"changes": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"operation": {
"type": "string"
},
"modification": {
"type": "object",
"properties": {
"attribute_type": {
"type": "string"
},
"attribute_values": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
}
}
},
"add_request": {
"type": "object",
"optional": "true",
"properties": {
"entry": {
"type": "string"
},
"attributes": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"values": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
},
"del_request": {
"type": "object",
"optional": "true",
"properties": {
"dn": {
"type": "string"
}
}
},
"mod_dn_request": {
"type": "object",
"optional": "true",
"properties": {
"entry": {
"type": "string"
},
"new_rdn": {
"type": "string"
},
"delete_old_rdn": {
"type": "boolean"
},
"new_superior": {
"type": "string",
"optional": "true"
}
}
},
"compare_request": {
"type": "object",
"optional": "true",
"properties": {
"entry": {
"type": "string"
},
"attribute_value_assertion": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"abandon_request": {
"type": "object",
"optional": "true",
"properties": {
"message_id": {
"type": "integer"
}
}
},
"extended_request": {
"type": "object",
"optional": "true",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string",
"optional": "true"
}
}
}
},
"additionalProperties": false
},
"responses": {
"type": "array",
"optional": "true",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"search_result_done": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"bind_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
},
"server_sasl_creds": {
"type": "string",
"optional": "true"
}
}
},
"modify_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"add_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"del_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"mod_dn_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"compare_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"extended_response": {
"type": "object",
"optional": "true",
"properties": {
"result_code": {
"type": "string"
},
"matched_dn": {
"type": "string"
},
"message": {
"type": "string"
},
"name": {
"type": "string"
},
"value": {
"type": "string"
}
}
},
"intermediate_response": {
"type": "object",
"optional": "true",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
}
}
}
},
"metadata": {
"type": "object",
"optional": true,
"properties": {
"flowbits": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"flowvars": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"gid": {
"type": "string"
},
"key": {
"type": "string"
},
"value": {
"type": "string"
}
},
"additionalProperties": true
}
},
"pktvars": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
}
},
"additionalProperties": false
}
},
"flowints": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"modbus": {
"type": "object",
"optional": true,
"properties": {
"id": {
"type": "integer"
},
"request": {
"type": "object",
"properties": {
"access_type": {
"type": "string"
},
"category": {
"type": "string"
},
"data": {
"type": "string"
},
"error_flags": {
"type": "string"
},
"function_code": {
"type": "string"
},
"function_raw": {
"type": "integer"
},
"protocol_id": {
"type": "integer"
},
"transaction_id": {
"type": "integer"
},
"unit_id": {
"type": "integer"
},
"diagnostic": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"mei": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"read": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"quantity": {
"type": "integer"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"data": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"access_type": {
"type": "string"
},
"category": {
"type": "string"
},
"data": {
"type": "string"
},
"error_flags": {
"type": "string"
},
"function_code": {
"type": "string"
},
"function_raw": {
"type": "integer"
},
"protocol_id": {
"type": "integer"
},
"transaction_id": {
"type": "integer"
},
"unit_id": {
"type": "integer"
},
"diagnostic": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"data": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"exception": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"raw": {
"type": "integer"
}
},
"additionalProperties": false
},
"read": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"properties": {
"address": {
"type": "integer"
},
"data": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"mqtt": {
"type": "object",
"optional": true,
"properties": {
"connack": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"return_code": {
"type": "integer"
},
"session_present": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"connect": {
"type": "object",
"properties": {
"client_id": {
"type": "string"
},
"dup": {
"type": "boolean"
},
"password": {
"type": "string"
},
"protocol_string": {
"type": "string"
},
"protocol_version": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"username": {
"type": "string"
},
"flags": {
"type": "object",
"properties": {
"clean_session": {
"type": "boolean"
},
"password": {
"type": "boolean"
},
"username": {
"type": "boolean"
},
"will": {
"type": "boolean"
},
"will_retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"properties": {
"type": "object",
"additionalProperties": true
},
"will": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"topic": {
"type": "string"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"disconnect": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"pingreq": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pingresp": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"puback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pubcomp": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"publish": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message": {
"type": "string"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"skipped_length": {
"type": "integer"
},
"topic": {
"type": "string"
},
"truncated": {
"type": "boolean"
},
"properties": {
"type": "object",
"additionalProperties": true
}
},
"additionalProperties": false
},
"pubrec": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"pubrel": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"reason_code": {
"type": "integer"
},
"retain": {
"type": "boolean"
}
},
"additionalProperties": false
},
"suback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"qos_granted": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"subscribe": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"topics": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"qos": {
"type": "integer"
},
"topic": {
"type": "string"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"unsuback": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"reason_codes": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer"
}
}
},
"additionalProperties": false
},
"unsubscribe": {
"type": "object",
"properties": {
"dup": {
"type": "boolean"
},
"message_id": {
"type": "integer"
},
"qos": {
"type": "integer"
},
"retain": {
"type": "boolean"
},
"topics": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"netflow": {
"type": "object",
"optional": true,
"properties": {
"age": {
"type": "integer"
},
"bytes": {
"type": "integer"
},
"end": {
"type": "string"
},
"max_ttl": {
"type": "integer"
},
"min_ttl": {
"type": "integer"
},
"pkts": {
"type": "integer"
},
"start": {
"type": "string"
}
},
"additionalProperties": false
},
"nfs": {
"type": "object",
"optional": true,
"properties": {
"file_tx": {
"type": "boolean"
},
"filename": {
"type": "string"
},
"hhash": {
"type": "string"
},
"id": {
"type": "integer"
},
"procedure": {
"type": "string"
},
"status": {
"type": "string"
},
"type": {
"type": "string"
},
"version": {
"type": "integer"
},
"read": {
"type": "object",
"optional": true,
"properties": {
"chunks": {
"type": "integer"
},
"first": {
"type": "boolean"
},
"last": {
"type": "boolean"
},
"last_xid": {
"type": "integer"
}
},
"additionalProperties": false
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
},
"additionalProperties": false
},
"write": {
"type": "object",
"optional": true,
"properties": {
"chunks": {
"type": "integer"
},
"first": {
"type": "boolean"
},
"last": {
"type": "boolean"
},
"last_xid": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"packet_info": {
"type": "object",
"optional": true,
"properties": {
"linktype": {
"type": "integer"
}
},
"additionalProperties": false
},
"pgsql": {
"type": "object",
"optional": true,
"properties": {
"request": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"password": {
"type": "string"
},
"password_message": {
"type": "string"
},
"process_id": {
"type": "integer"
},
"protocol_version": {
"type": "string"
},
"sasl_authentication_mechanism": {
"type": "string"
},
"sasl_param": {
"type": "string"
},
"sasl_response": {
"type": "string"
},
"secret_key": {
"type": "integer"
},
"simple_query": {
"type": "string"
},
"startup_parameters": {
"type": "object",
"properties": {
"optional_parameters": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"application_name": {
"type": "string"
},
"client_encoding": {
"type": "string"
},
"database": {
"type": "string"
},
"datestyle": {
"type": "string"
},
"extra_float_digits": {
"type": "string"
},
"options": {
"type": "string"
},
"replication": {
"type": "string"
}
},
"additionalProperties": true
}
},
"user": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"properties": {
"authentication_md5_password": {
"type": "string"
},
"authentication_sasl_final": {
"type": "string"
},
"code": {
"type": "string"
},
"command_completed": {
"type": "string"
},
"data_rows": {
"type": "integer"
},
"data_size": {
"type": "integer"
},
"field_count": {
"type": "integer"
},
"file": {
"type": "string"
},
"line": {
"type": "string"
},
"message": {
"type": "string"
},
"parameter_status": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"application_name": {
"type": "string"
},
"client_encoding": {
"type": "string"
},
"date_style": {
"type": "string"
},
"integer_datetimes": {
"type": "string"
},
"interval_style": {
"type": "string"
},
"is_superuser": {
"type": "string"
},
"server_encoding": {
"type": "string"
},
"server_version": {
"type": "string"
},
"session_authorization": {
"type": "string"
},
"standard_conforming_strings": {
"type": "string"
},
"time_zone": {
"type": "string"
}
},
"additionalProperties": true
}
},
"process_id": {
"type": "integer"
},
"routine": {
"type": "string"
},
"secret_key": {
"type": "integer"
},
"severity_localizable": {
"type": "string"
},
"severity_non_localizable": {
"type": "string"
},
"ssl_accepted": {
"type": "boolean"
}
},
"additionalProperties": false
},
"tx_id": {
"type": "integer"
}
},
"additionalProperties": false
},
"quic": {
"type": "object",
"optional": true,
"properties": {
"cyu": {
"description":
"ja3-like fingerprint for versions of QUIC before standardization",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"hash": {
"description": "cyu hash hex representation",
"type": "string"
},
"string": {
"description": "cyu hash string representation",
"type": "string"
}
},
"additionalProperties": false
}
},
"extensions": {
"description": "list of extensions in hello",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"name": {
"description": "human-friendly name of the extension",
"type": "string"
},
"type": {
"description": "integer identifier of the extension",
"type": "integer"
},
"values": {
"description": "extension values",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"ja3": {
"description": "ja3 from client, as in TLS",
"type": "object",
"optional": true,
"properties": {
"hash": {
"description": "ja3 hex representation",
"type": "string"
},
"string": {
"description": "ja3 string representation",
"type": "string"
}
},
"additionalProperties": false
},
"ja3s": {
"description": "ja3 from server, as in TLS",
"type": "object",
"optional": true,
"properties": {
"hash": {
"description": "ja3s hex representation",
"type": "string"
},
"string": {
"description": "ja3s string representation",
"type": "string"
}
},
"additionalProperties": false
},
"ja4": {
"suricata": {
"keywords": [
"ja4.hash"
]
},
"type": "string"
},
"sni": {
"description": "Server Name Indication",
"type": "string"
},
"ua": {
"description": "User Agent for versions of QUIC before standardization",
"type": "string"
},
"version": {
"description": "QUIC protocol version",
"type": "string"
}
},
"additionalProperties": false
},
"rdp": {
"type": "object",
"optional": true,
"properties": {
"cookie": {
"type": "string"
},
"event_type": {
"type": "string"
},
"tx_id": {
"type": "integer"
},
"channels": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"client": {
"type": "object",
"properties": {
"build": {
"type": "string"
},
"client_name": {
"type": "string"
},
"color_depth": {
"type": "integer"
},
"desktop_height": {
"type": "integer"
},
"desktop_width": {
"type": "integer"
},
"function_keys": {
"type": "integer"
},
"id": {
"type": "string"
},
"keyboard_layout": {
"type": "string"
},
"keyboard_type": {
"type": "string"
},
"product_id": {
"type": "integer"
},
"version": {
"type": "string"
},
"capabilities": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"rfb": {
"type": "object",
"optional": true,
"properties": {
"screen_shared": {
"type": "boolean"
},
"authentication": {
"type": "object",
"properties": {
"security_result": {
"type": "string"
},
"security_type": {
"type": "integer"
},
"vnc": {
"type": "object",
"properties": {
"challenge": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"client_protocol_version": {
"type": "object",
"properties": {
"major": {
"type": "string"
},
"minor": {
"type": "string"
}
},
"additionalProperties": false
},
"framebuffer": {
"type": "object",
"properties": {
"height": {
"type": "integer"
},
"name": {
"type": "string"
},
"width": {
"type": "integer"
},
"pixel_format": {
"type": "object",
"properties": {
"big_endian": {
"type": "boolean"
},
"bits_per_pixel": {
"type": "integer"
},
"blue_max": {
"type": "integer"
},
"blue_shift": {
"type": "integer"
},
"depth": {
"type": "integer"
},
"green_max": {
"type": "integer"
},
"green_shift": {
"type": "integer"
},
"red_max": {
"type": "integer"
},
"red_shift": {
"type": "integer"
},
"true_color": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"server_protocol_version": {
"type": "object",
"properties": {
"major": {
"type": "string"
},
"minor": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"rpc": {
"type": "object",
"optional": true,
"properties": {
"auth_type": {
"type": "string"
},
"status": {
"type": "string"
},
"xid": {
"type": "integer"
},
"creds": {
"type": "object",
"optional": true,
"properties": {
"gid": {
"type": "integer"
},
"machine_name": {
"type": "string"
},
"uid": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"sip": {
"type": "object",
"optional": true,
"properties": {
"code": {
"type": "string"
},
"method": {
"type": "string"
},
"reason": {
"type": "string"
},
"request_line": {
"type": "string"
},
"response_line": {
"type": "string"
},
"uri": {
"type": "string"
},
"version": {
"type": "string"
},
"sdp": {
"type": "object",
"description": "SDP message body",
"optional": true,
"properties": {
"version": {
"type": "integer",
"description": "SDP protocol version"
},
"origin": {
"type": "string",
"description": "Owner of the session"
},
"session_name": {
"type": "string",
"description": "Session name"
},
"session_info": {
"type": "string",
"optional": true,
"description": "Textual information about the session"
},
"uri": {
"type": "string",
"optional": true,
"description": "A pointer to additional information about the session"
},
"email": {
"type": "string",
"optional": true,
"description":
"Email address for the person responsible for the conference"
},
"phone_number": {
"type": "string",
"optional": true,
"description":
"Phone number for the person responsible for the conference"
},
"connection_data": {
"type": "string",
"optional": true,
"description": "Connection data"
},
"bandwidths": {
"type": "array",
"optional": true,
"description": "Proposed bandwidths to be used by the session or media",
"minItems": 1,
"items": {
"type": "string"
}
},
"time": {
"type": "string",
"optional": true,
"description": "Start and stop times for a session"
},
"repeat_time": {
"type": "string",
"optional": true,
"description": "Specify repeat times for a session"
},
"timezone": {
"type": "string",
"optional": true,
"description":
"Timezone to specify adjustments for times and offsets from the base time"
},
"encryption_key": {
"type": "string",
"optional": true,
"description":
"Field used to convey encryption keys if SDP is used over a secure channel"
},
"attributes": {
"type": "array",
"optional": true,
"description": "A list of attributes to extend SDP",
"minItems": 1,
"items": {
"type": "string",
"description": "Attribute's name and value"
}
},
"media_descriptions": {
"type": "array",
"description": "A list of media descriptions for a session",
"minItems": 1,
"items": {
"type": "object",
"optional": true,
"properties": {
"media": {
"type": "string",
"description": "Media description"
},
"media_info": {
"type": "string",
"optional": true,
"description":
"Media information primarily intended for labelling media streams"
},
"bandwidths": {
"type": "array",
"optional": true,
"description": "A list of bandwidths proposed for a media description",
"minItems": 1,
"items": {
"type": "string"
}
},
"connection_data": {
"type": "string",
"optional": true,
"description": "Connection data per media description"
},
"attributes": {
"type": "array",
"description":
"A list of attributes specified for a media description",
"optional": true,
"minItems": 1,
"items": {
"type": "string",
"description": "Attribute's name and value"
}
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"smb": {
"type": "object",
"optional": true,
"properties": {
"access": {
"type": "string"
},
"accessed": {
"type": "integer"
},
"changed": {
"type": "integer"
},
"client_guid": {
"type": "string"
},
"command": {
"type": "string"
},
"created": {
"type": "integer"
},
"dialect": {
"type": "string"
},
"directory": {
"type": "string"
},
"disposition": {
"type": "string"
},
"filename": {
"type": "string"
},
"fuid": {
"type": "string"
},
"function": {
"type": "string"
},
"id": {
"type": "integer"
},
"level_of_interest": {
"type": "string"
},
"max_read_size": {
"type": "integer"
},
"max_write_size": {
"type": "integer"
},
"modified": {
"type": "integer"
},
"named_pipe": {
"type": "string"
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
},
"additionalProperties": false
},
"request_done": {
"type": "boolean"
},
"response_done": {
"type": "boolean"
},
"server_guid": {
"type": "string"
},
"session_id": {
"type": "integer"
},
"set_info": {
"type": "object",
"optional": true,
"properties": {
"class": {
"type": "string"
},
"info_level": {
"type": "string"
}
},
"additionalProperties": false
},
"share": {
"type": "string"
},
"share_type": {
"type": "string"
},
"size": {
"type": "integer"
},
"subcmd": {
"type": "string"
},
"status": {
"type": "string"
},
"status_code": {
"type": "string"
},
"tree_id": {
"type": "integer"
},
"client_dialects": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"set_info": {
"type": "object",
"optional": true,
"properties": {
"class": {
"type": "string"
},
"info_level": {
"type": "string"
}
}
},
"rename": {
"type": "object",
"optional": true,
"properties": {
"from": {
"type": "string"
},
"to": {
"type": "string"
}
}
},
"dcerpc": {
"type": "object",
"optional": true,
"properties": {
"call_id": {
"type": "integer"
},
"opnum": {
"type": "integer"
},
"request": {
"type": "string"
},
"response": {
"type": "string"
},
"interfaces": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"optional": true,
"properties": {
"ack_reason": {
"type": "integer"
},
"ack_result": {
"type": "integer"
},
"uuid": {
"type": "string"
},
"version": {
"type": "string"
}
},
"additionalProperties": false
}
},
"req": {
"type": "object",
"optional": true,
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
},
"res": {
"type": "object",
"optional": true,
"properties": {
"frag_cnt": {
"type": "integer"
},
"stub_data_size": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"kerberos": {
"type": "object",
"optional": true,
"properties": {
"realm": {
"type": "string"
},
"snames": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ntlmssp": {
"type": "object",
"optional": true,
"properties": {
"domain": {
"type": "string"
},
"host": {
"type": "string"
},
"user": {
"type": "string"
},
"version": {
"type": "string",
"optional": true
},
"warning": {
"type": "boolean"
}
},
"additionalProperties": false
},
"request": {
"type": "object",
"optional": true,
"properties": {
"native_lm": {
"type": "string"
},
"native_os": {
"type": "string"
}
},
"additionalProperties": false
},
"response": {
"type": "object",
"optional": true,
"properties": {
"native_lm": {
"type": "string"
},
"native_os": {
"type": "string"
}
},
"additionalProperties": false
},
"service": {
"type": "object",
"optional": true,
"properties": {
"request": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"smtp": {
"type": "object",
"optional": true,
"properties": {
"helo": {
"type": "string"
},
"mail_from": {
"type": "string"
},
"rcpt_to": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"snmp": {
"type": "object",
"optional": true,
"properties": {
"community": {
"type": "string"
},
"pdu_type": {
"type": "string"
},
"usm": {
"type": "string"
},
"version": {
"type": "integer"
},
"vars": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ssh": {
"type": "object",
"optional": true,
"properties": {
"client": {
"type": "object",
"properties": {
"proto_version": {
"type": "string"
},
"software_version": {
"type": "string"
},
"hassh": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"server": {
"type": "object",
"properties": {
"proto_version": {
"type": "string"
},
"software_version": {
"type": "string"
},
"hassh": {
"type": "object",
"properties": {
"hash": {
"type": "string"
},
"string": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"stats": {
"type": "object",
"optional": true,
"suricata": {
"keywords": false
},
"properties": {
"uptime": {
"description": "Suricata engine's uptime",
"type": "integer"
},
"capture": {
"type": "object",
"properties": {
"kernel_packets": {
"type": "integer"
},
"kernel_drops": {
"type": "integer"
},
"kernel_ifdrops": {
"type": "integer"
}
}
},
"app_layer": {
"type": "object",
"properties": {
"expectations": {
"description": "Expectation (dynamic parallel flow) counter",
"type": "integer"
},
"error": {
"type": "object",
"properties": {
"exception_policy": {
"description":
"Consolidated stats on how many times app-layer error exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"bittorrent-dht": {
"description":
"Errors encountered parsing BitTorrent DHT protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dcerpc_tcp": {
"description": "Errors encountered parsing DCERPC/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dcerpc_udp": {
"description": "Errors encountered parsing DCERPC/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dhcp": {
"description": "Errors encountered parsing DHCP",
"$ref": "#/$defs/stats_applayer_error"
},
"dnp3": {
"description": "Errors encountered parsing DNP3",
"$ref": "#/$defs/stats_applayer_error"
},
"dns_tcp": {
"description": "Errors encountered parsing DNS/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"dns_udp": {
"description": "Errors encountered parsing DNS/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"doh2": {
"$ref": "#/$defs/stats_applayer_error"
},
"enip_tcp": {
"description": "Errors encountered parsing ENIP/TCP",
"$ref": "#/$defs/stats_applayer_error"
},
"enip_udp": {
"description": "Errors encountered parsing ENIP/UDP",
"$ref": "#/$defs/stats_applayer_error"
},
"failed_tcp": {
"description": "Errors encountered parsing TCP",
"$ref": "#/$defs/stats_applayer_error"
},
"ftp": {
"description": "Errors encountered parsing FTP",
"$ref": "#/$defs/stats_applayer_error"
},
"ftp-data": {
"description": "Errors encountered parsing FTP data",
"$ref": "#/$defs/stats_applayer_error"
},
"http": {
"description": "Errors encountered parsing HTTP",
"$ref": "#/$defs/stats_applayer_error"
},
"http2": {
"description": "Errors encountered parsing HTTP/2",
"$ref": "#/$defs/stats_applayer_error"
},
"ike": {
"description": "Errors encountered parsing IKE protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"imap": {
"description": "Errors encountered parsing IMAP",
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_tcp": {
"description":
"Errors encountered parsing Kerberos v5/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"krb5_udp": {
"description":
"Errors encountered parsing Kerberos v5/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"ldap_tcp": {
"description": "Errors encountered parsing LDAP/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"ldap_udp": {
"description": "Errors encountered parsing LDAP/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"modbus": {
"description": "Errors encountered parsing Modbus protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"mqtt": {
"description": "Errors encountered parsing MQTT protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"nfs_tcp": {
"description": "Errors encountered parsing NFS/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"nfs_udp": {
"description": "Errors encountered parsing NFS/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"ntp": {
"description": "Errors encountered parsing NTP",
"$ref": "#/$defs/stats_applayer_error"
},
"pgsql": {
"description": "Errors encountered parsing PostgreSQL protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"pop3": {
"$ref": "#/$defs/stats_applayer_error"
},
"quic": {
"description": "Errors encountered parsing QUIC protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"rdp": {
"description": "Errors encountered parsing RDP",
"$ref": "#/$defs/stats_applayer_error"
},
"rfb": {
"description": "Errors encountered parsing RFB protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"sip_udp": {
"description": "Errors encountered parsing SIP/UDP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"sip_tcp": {
"description": "Errors encountered parsing SIP/TCP protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"smb": {
"description": "Errors encountered parsing SMB protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"smtp": {
"description": "Errors encountered parsing SMTP",
"$ref": "#/$defs/stats_applayer_error"
},
"snmp": {
"description": "Errors encountered parsing SNMP",
"$ref": "#/$defs/stats_applayer_error"
},
"ssh": {
"description": "Errors encountered parsing SSH protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"telnet": {
"description": "Errors encountered parsing Telnet protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"tftp": {
"description": "Errors encountered parsing TFTP",
"$ref": "#/$defs/stats_applayer_error"
},
"tls": {
"description": "Errors encountered parsing TLS protocol",
"$ref": "#/$defs/stats_applayer_error"
},
"websocket": {
"$ref": "#/$defs/stats_applayer_error"
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"bittorrent-dht": {
"description": "Number of flows for BitTorrent DHT protocol",
"type": "integer"
},
"dcerpc_tcp": {
"description": "Number of flows for DCERPC/TCP protocol",
"type": "integer"
},
"dcerpc_udp": {
"description": "Number of flows for DCERPC/UDP protocol",
"type": "integer"
},
"dhcp": {
"description": "Number of flows for DHCP",
"type": "integer"
},
"dnp3": {
"description": "Number of flows for DNP3",
"type": "integer"
},
"dns_tcp": {
"description": "Number of flows for DNS/TCP protocol",
"type": "integer"
},
"dns_udp": {
"description": "Number of flows for DNS/UDP protocol",
"type": "integer"
},
"doh2": {
"type": "integer"
},
"enip_tcp": {
"description": "Number of flows for ENIP/TCP",
"type": "integer"
},
"enip_udp": {
"description": "Number of flows for ENIP/UDP",
"type": "integer"
},
"failed_tcp": {
"description": "Number of failed flows for TCP",
"type": "integer"
},
"failed_udp": {
"description": "Number of failed flows for UDP",
"type": "integer"
},
"ftp": {
"description": "Number of flows for FTP",
"type": "integer"
},
"ftp-data": {
"description": "Number of flows for FTP data protocol",
"type": "integer"
},
"http": {
"description": "Number of flows for HTTP",
"type": "integer"
},
"http2": {
"description": "Number of flows for HTTP/2",
"type": "integer"
},
"ike": {
"description": "Number of flows for IKE protocol",
"type": "integer"
},
"ikev2": {
"description": "Number of flows for IKE v2 protocol",
"type": "integer"
},
"imap": {
"description": "Number of flows for IMAP",
"type": "integer"
},
"krb5_tcp": {
"description": "Number of flows for Kerberos v5/TCP protocol",
"type": "integer"
},
"krb5_udp": {
"description": "Number of flows for Kerberos v5/UDP protocol",
"type": "integer"
},
"ldap_tcp": {
"description": "Number of flows for LDAP/TCP protocol",
"type": "integer"
},
"ldap_udp": {
"description": "Number of flows for LDAP/UDP protocol",
"type": "integer"
},
"modbus": {
"description": "Number of flows for Modbus protocol",
"type": "integer"
},
"mqtt": {
"description": "Number of flows for MQTT protocol",
"type": "integer"
},
"nfs_tcp": {
"description": "Number of flows for NFS/TCP protocol",
"type": "integer"
},
"nfs_udp": {
"description": "Number of flows for NFS/UDP protocol",
"type": "integer"
},
"ntp": {
"description": "Number of flows for NTP",
"type": "integer"
},
"pgsql": {
"description": "Number of flows for PostgreSQL protocol",
"type": "integer"
},
"pop3": {
"type": "integer"
},
"quic": {
"description": "Number of flows for QUIC protocol",
"type": "integer"
},
"rdp": {
"description": "Number of flows for RDP",
"type": "integer"
},
"rfb": {
"description": "Number of flows for RFB protocol",
"type": "integer"
},
"sip_udp": {
"description": "Number of flows for SIP/UDP protocol",
"type": "integer"
},
"sip_tcp": {
"description": "Number of flows for SIP/TCP protocol",
"type": "integer"
},
"smb": {
"description": "Number of flows for SMB protocol",
"type": "integer"
},
"smtp": {
"description": "Number of flows for SMTP",
"type": "integer"
},
"snmp": {
"description": "Number of flows for SNMP",
"type": "integer"
},
"ssh": {
"description": "Number of flows for SSH protocol",
"type": "integer"
},
"telnet": {
"description": "Number of flows for Telnet protocol",
"type": "integer"
},
"tftp": {
"description": "Number of flows for TFTP",
"type": "integer"
},
"tls": {
"description": "Number of flows for TLS protocol",
"type": "integer"
},
"websocket": {
"type": "integer"
}
},
"additionalProperties": false
},
"tx": {
"type": "object",
"properties": {
"bittorrent-dht": {
"description":
"Number of transactions for BitTorrent DHT protocol",
"type": "integer"
},
"dcerpc_tcp": {
"description": "Number of transactions for DCERPC/TCP protocol",
"type": "integer"
},
"dcerpc_udp": {
"description": "Number of transactions for DCERPC/UDP protocol",
"type": "integer"
},
"dhcp": {
"description": "Number of transactions for DHCP",
"type": "integer"
},
"dnp3": {
"description": "Number of transactions for DNP3",
"type": "integer"
},
"dns_tcp": {
"description": "Number of transactions for DNS/TCP protocol",
"type": "integer"
},
"dns_udp": {
"description": "Number of transactions for DNS/UDP protocol",
"type": "integer"
},
"doh2": {
"type": "integer"
},
"enip_tcp": {
"description": "Number of transactions for ENIP/TCP",
"type": "integer"
},
"enip_udp": {
"description": "Number of transactions for ENIP/UDP",
"type": "integer"
},
"ftp": {
"description": "Number of transactions for FTP",
"type": "integer"
},
"ftp-data": {
"description": "Number of transactions for FTP data protocol",
"type": "integer"
},
"http": {
"description": "Number of transactions for HTTP",
"type": "integer"
},
"http2": {
"description": "Number of transactions for HTTP/2",
"type": "integer"
},
"ike": {
"description": "Number of transactions for IKE protocol",
"type": "integer"
},
"ikev2": {
"description": "Number of transactions for IKE v2 protocol",
"type": "integer"
},
"imap": {
"description": "Number of transactions for IMAP",
"type": "integer"
},
"krb5_tcp": {
"description":
"Number of transactions for Kerberos v5/TCP protocol",
"type": "integer"
},
"krb5_udp": {
"description":
"Number of transactions for Kerberos v5/UDP protocol",
"type": "integer"
},
"ldap_tcp": {
"description": "Number of transactions for LDAP/TCP protocol",
"type": "integer"
},
"ldap_udp": {
"description": "Number of transactions for LDAP/UDP protocol",
"type": "integer"
},
"modbus": {
"description": "Number of transactions for Modbus protocol",
"type": "integer"
},
"mqtt": {
"description": "Number of transactions for MQTT protocol",
"type": "integer"
},
"nfs_tcp": {
"description": "Number of transactions for NFS/TCP protocol",
"type": "integer"
},
"nfs_udp": {
"description": "Number of transactions for NFS/UDP protocol",
"type": "integer"
},
"ntp": {
"description": "Number of transactions for NTP",
"type": "integer"
},
"pgsql": {
"description": "Number of transactions for PostgreSQL protocol",
"type": "integer"
},
"pop3": {
"type": "integer"
},
"quic": {
"description": "Number of transactions for QUIC protocol",
"type": "integer"
},
"rdp": {
"description": "Number of transactions for RDP",
"type": "integer"
},
"rfb": {
"description": "Number of transactions for RFB protocol",
"type": "integer"
},
"sip_udp": {
"description": "Number of transactions for SIP/UDP protocol",
"type": "integer"
},
"sip_tcp": {
"description": "Number of transactions for SIP/TCP protocol",
"type": "integer"
},
"smb": {
"description": "Number of transactions for SMB protocol",
"type": "integer"
},
"smtp": {
"description": "Number of transactions for SMTP",
"type": "integer"
},
"snmp": {
"description": "Number of transactions for SNMP",
"type": "integer"
},
"ssh": {
"description": "Number of transactions for SSH protocol",
"type": "integer"
},
"telnet": {
"description": "Number of transactions for Telnet protocol",
"type": "integer"
},
"tftp": {
"description": "Number of transactions for TFTP",
"type": "integer"
},
"tls": {
"description": "Number of transactions for TLS protocol",
"type": "integer"
},
"websocket": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"ips": {
"type": "object",
"properties": {
"accepted": {
"description": "Number of accepted packets",
"type": "integer"
},
"blocked": {
"description": "Number of blocked packets",
"type": "integer"
},
"rejected": {
"description": "Number of rejected packets",
"type": "integer"
},
"replaced": {
"description": "Number of replaced packets",
"type": "integer"
},
"drop_reason": {
"description": "Number of dropped packets, grouped by drop reason",
"type": "object",
"properties": {
"decode_error": {
"description":
"Number of packets dropped due to decoding errors",
"type": "integer"
},
"defrag_error": {
"description":
"Number of packets dropped due to defragmentation errors",
"type": "integer"
},
"defrag_memcap": {
"description":
"Number of packets dropped due to defrag memcap exception policy",
"type": "integer"
},
"flow_memcap": {
"description":
"Number of packets dropped due to flow memcap exception policy",
"type": "integer"
},
"flow_drop": {
"description": "Number of packets dropped due to dropped flows",
"type": "integer"
},
"applayer_error": {
"description":
"Number of packets dropped due to app-layer error exception policy",
"type": "integer"
},
"applayer_memcap": {
"description":
"Number of packets dropped due to applayer memcap",
"type": "integer"
},
"rules": {
"description": "Number of packets dropped due to rule actions",
"type": "integer"
},
"threshold_detection_filter": {
"description":
"Number of packets dropped due to threshold detection filter",
"type": "integer"
},
"stream_error": {
"description":
"Number of packets dropped due to invalid TCP stream",
"type": "integer"
},
"stream_memcap": {
"description":
"Number of packets dropped due to stream memcap exception policy",
"type": "integer"
},
"stream_midstream": {
"description":
"Number of packets dropped due to stream midstream exception policy",
"type": "integer"
},
"stream_reassembly": {
"description":
"Number of packets dropped due to stream reassembly exception policy",
"type": "integer"
},
"stream_urgent": {
"description":
"Number of packets dropped due to TCP urgent flag",
"type": "integer"
},
"nfq_error": {
"description":
"Number of packets dropped due to no NFQ verdict",
"type": "integer"
},
"tunnel_packet_drop": {
"description":
"Number of packets dropped due to inner tunnel packet being dropped",
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"decoder": {
"type": "object",
"properties": {
"avg_pkt_size": {
"type": "integer"
},
"bytes": {
"type": "integer"
},
"chdlc": {
"type": "integer"
},
"erspan": {
"type": "integer"
},
"esp": {
"type": "integer"
},
"ethernet": {
"type": "integer"
},
"arp": {
"type": "integer"
},
"unknown_ethertype": {
"type": "integer"
},
"geneve": {
"type": "integer"
},
"gre": {
"type": "integer"
},
"icmpv4": {
"type": "integer"
},
"icmpv6": {
"type": "integer"
},
"ieee8021ah": {
"type": "integer"
},
"invalid": {
"type": "integer"
},
"ipv4": {
"type": "integer"
},
"ipv4_in_ipv6": {
"type": "integer"
},
"ipv6": {
"type": "integer"
},
"ipv6_in_ipv6": {
"type": "integer"
},
"max_mac_addrs_dst": {
"type": "integer"
},
"max_mac_addrs_src": {
"type": "integer"
},
"max_pkt_size": {
"type": "integer"
},
"mpls": {
"type": "integer"
},
"nsh": {
"type": "integer"
},
"null": {
"type": "integer"
},
"pkts": {
"type": "integer"
},
"ppp": {
"type": "integer"
},
"pppoe": {
"type": "integer"
},
"raw": {
"type": "integer"
},
"sctp": {
"type": "integer"
},
"sll": {
"type": "integer"
},
"tcp": {
"type": "integer"
},
"teredo": {
"type": "integer"
},
"too_many_layers": {
"type": "integer"
},
"udp": {
"type": "integer"
},
"vlan": {
"type": "integer"
},
"vlan_qinq": {
"type": "integer"
},
"vlan_qinqinq": {
"type": "integer"
},
"vntag": {
"type": "integer"
},
"vxlan": {
"type": "integer"
},
"event": {
"type": "object",
"properties": {
"afpacket": {
"type": "object",
"properties": {
"trunc_pkt": {
"description":
"Number of packets truncated by AF_PACKET",
"type": "integer"
}
},
"additionalProperties": false
},
"arp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"unsupported_hardware": {
"type": "integer"
},
"unsupported_protocol": {
"type": "integer"
},
"unsupported_pkt": {
"type": "integer"
},
"invalid_hardware_size": {
"type": "integer"
},
"invalid_protocol_size": {
"type": "integer"
},
"unsupported_opcode": {
"type": "integer"
}
},
"additionalProperties": false
},
"chdlc": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"dce": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"erspan": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"too_many_vlan_layers": {
"type": "integer"
},
"unsupported_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"esp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"ethernet": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"unknown_ethertype": {
"type": "integer"
}
},
"additionalProperties": false
},
"geneve": {
"type": "object",
"properties": {
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"gre": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"version0_flags": {
"type": "integer"
},
"version0_hdr_too_big": {
"type": "integer"
},
"version0_malformed_sre_hdr": {
"type": "integer"
},
"version0_recur": {
"type": "integer"
},
"version1_chksum": {
"type": "integer"
},
"version1_flags": {
"type": "integer"
},
"version1_hdr_too_big": {
"type": "integer"
},
"version1_malformed_sre_hdr": {
"type": "integer"
},
"version1_no_key": {
"type": "integer"
},
"version1_recur": {
"type": "integer"
},
"version1_route": {
"type": "integer"
},
"version1_ssr": {
"type": "integer"
},
"version1_wrong_protocol": {
"type": "integer"
},
"wrong_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"icmpv4": {
"type": "object",
"properties": {
"ipv4_trunc_pkt": {
"type": "integer"
},
"ipv4_unknown_ver": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unknown_code": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"icmpv6": {
"type": "object",
"properties": {
"experimentation_type": {
"type": "integer"
},
"ipv6_trunc_pkt": {
"type": "integer"
},
"ipv6_unknown_version": {
"type": "integer"
},
"mld_message_with_invalid_hl": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unassigned_type": {
"type": "integer"
},
"unknown_code": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"ieee8021ah": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipraw": {
"type": "object",
"properties": {
"invalid_ip_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv4": {
"type": "object",
"properties": {
"frag_ignored": {
"type": "integer"
},
"frag_overlap": {
"type": "integer"
},
"frag_pkt_too_large": {
"type": "integer"
},
"hlen_too_small": {
"type": "integer"
},
"icmpv6": {
"type": "integer"
},
"iplen_smaller_than_hlen": {
"type": "integer"
},
"opt_duplicate": {
"type": "integer"
},
"opt_eol_required": {
"type": "integer"
},
"opt_invalid": {
"type": "integer"
},
"opt_invalid_len": {
"type": "integer"
},
"opt_malformed": {
"type": "integer"
},
"opt_pad_required": {
"type": "integer"
},
"opt_unknown": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"trunc_pkt": {
"type": "integer"
},
"wrong_ip_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv6": {
"type": "object",
"properties": {
"data_after_none_header": {
"type": "integer"
},
"dstopts_only_padding": {
"type": "integer"
},
"dstopts_unknown_opt": {
"type": "integer"
},
"exthdr_ah_res_not_null": {
"type": "integer"
},
"exthdr_dupl_ah": {
"type": "integer"
},
"exthdr_dupl_dh": {
"type": "integer"
},
"exthdr_dupl_eh": {
"type": "integer"
},
"exthdr_dupl_fh": {
"type": "integer"
},
"exthdr_dupl_hh": {
"type": "integer"
},
"exthdr_dupl_rh": {
"type": "integer"
},
"exthdr_invalid_optlen": {
"type": "integer"
},
"exthdr_useless_fh": {
"type": "integer"
},
"fh_non_zero_reserved_field": {
"type": "integer"
},
"frag_ignored": {
"type": "integer"
},
"frag_invalid_length": {
"type": "integer"
},
"frag_overlap": {
"type": "integer"
},
"frag_pkt_too_large": {
"type": "integer"
},
"hopopts_only_padding": {
"type": "integer"
},
"hopopts_unknown_opt": {
"type": "integer"
},
"icmpv4": {
"type": "integer"
},
"ipv4_in_ipv6_too_small": {
"type": "integer"
},
"ipv4_in_ipv6_wrong_version": {
"type": "integer"
},
"ipv6_in_ipv6_too_small": {
"type": "integer"
},
"ipv6_in_ipv6_wrong_version": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"rh_type_0": {
"type": "integer"
},
"trunc_exthdr": {
"type": "integer"
},
"trunc_pkt": {
"type": "integer"
},
"unknown_next_header": {
"type": "integer"
},
"wrong_ip_version": {
"type": "integer"
},
"zero_len_padn": {
"type": "integer"
}
},
"additionalProperties": false
},
"ltnull": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
},
"unsupported_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"mpls": {
"type": "object",
"properties": {
"bad_label_implicit_null": {
"type": "integer"
},
"bad_label_reserved": {
"type": "integer"
},
"bad_label_router_alert": {
"type": "integer"
},
"header_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"nsh": {
"type": "object",
"properties": {
"bad_header_length": {
"type": "integer"
},
"header_too_small": {
"type": "integer"
},
"reserved_type": {
"type": "integer"
},
"unknown_payload": {
"type": "integer"
},
"unsupported_type": {
"type": "integer"
},
"unsupported_version": {
"type": "integer"
}
},
"additionalProperties": false
},
"ppp": {
"type": "object",
"properties": {
"ip4_pkt_too_small": {
"type": "integer"
},
"ip6_pkt_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"unsup_proto": {
"type": "integer"
},
"vju_pkt_too_small": {
"type": "integer"
},
"wrong_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"pppoe": {
"type": "object",
"properties": {
"malformed_tags": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"wrong_code": {
"type": "integer"
}
},
"additionalProperties": false
},
"sctp": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"sll": {
"type": "object",
"properties": {
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"hlen_too_small": {
"type": "integer"
},
"invalid_optlen": {
"type": "integer"
},
"opt_duplicate": {
"type": "integer"
},
"opt_invalid_len": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
}
},
"additionalProperties": false
},
"udp": {
"type": "object",
"properties": {
"hlen_invalid": {
"type": "integer"
},
"hlen_too_small": {
"type": "integer"
},
"pkt_too_small": {
"type": "integer"
},
"len_invalid": {
"type": "integer"
}
},
"additionalProperties": false
},
"vlan": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"too_many_layers": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"vntag": {
"type": "object",
"properties": {
"header_too_small": {
"type": "integer"
},
"unknown_type": {
"type": "integer"
}
},
"additionalProperties": false
},
"vxlan": {
"type": "object",
"properties": {
"unknown_payload_type": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"defrag": {
"type": "object",
"properties": {
"tracker_soft_reuse": {
"type": "integer",
"description":
"Finished tracker re-used from hash table before being moved to spare pool"
},
"tracker_hard_reuse": {
"type": "integer",
"description":
"Active tracker force closed before completion and reused for new tracker"
},
"max_trackers_reached": {
"type": "integer",
"description":
"How many times a packet wasn't reassembled due to max-trackers limit being reached"
},
"max_frags_reached": {
"type": "integer",
"description":
"How many times a fragment wasn't stored due to max-frags limit being reached"
},
"memuse": {
"type": "integer",
"description": "Current memory use."
},
"memcap_exception_policy": {
"description":
"How many times defrag memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"ipv4": {
"type": "object",
"properties": {
"fragments": {
"type": "integer"
},
"reassembled": {
"type": "integer"
},
"timeouts": {
"type": "integer"
}
},
"additionalProperties": false
},
"ipv6": {
"type": "object",
"properties": {
"fragments": {
"type": "integer"
},
"reassembled": {
"type": "integer"
},
"timeouts": {
"type": "integer"
}
},
"additionalProperties": false
},
"mgr": {
"type": "object",
"properties": {
"tracker_timeout": {
"type": "integer"
}
},
"additionalProperties": false
},
"wrk": {
"type": "object",
"properties": {
"tracker_timeout": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"detect": {
"type": "object",
"properties": {
"alert": {
"type": "integer"
},
"alert_queue_overflow": {
"type": "integer"
},
"alerts_suppressed": {
"type": "integer"
},
"lua": {
"type": "object",
"properties": {
"blocked_function_errors": {
"description":
"Counter for Lua scripts failing due to blocked functions being called",
"type": "integer"
},
"instruction_limit_errors": {
"description":
"Count of Lua rules exceeding the instruction limit",
"type": "integer"
},
"memory_limit_errors": {
"description": "Count of Lua rules exceeding the memory limit",
"type": "integer"
},
"errors": {
"description": "Errors encountered while running Lua scripts",
"type": "integer"
}
},
"additionalProperties": false
},
"mpm_list": {
"type": "integer"
},
"nonmpm_list": {
"type": "integer"
},
"fnonmpm_list": {
"type": "integer"
},
"match_list": {
"type": "integer"
},
"engines": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"last_reload": {
"type": "string"
},
"rules_loaded": {
"type": "integer"
},
"rules_failed": {
"type": "integer"
},
"rules_skipped": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
},
"file_store": {
"type": "object",
"properties": {
"fs_errors": {
"type": "integer"
},
"open_files": {
"type": "integer"
},
"open_files_max_hit": {
"type": "integer"
}
},
"additionalProperties": false
},
"flow": {
"type": "object",
"properties": {
"active": {
"description": "Number of currently active flows",
"type": "integer"
},
"emerg_mode_entered": {
"description": "Number of times emergency mode was entered",
"type": "integer"
},
"emerg_mode_over": {
"description": "Number of times recovery was made from emergency mode",
"type": "integer"
},
"get_used": {
"description":
"Number of reused flows from the hash table in case memcap was reached and spare pool was empty",
"type": "integer"
},
"get_used_eval": {
"description":
"Number of attempts at getting a flow directly from the hash",
"type": "integer"
},
"get_used_eval_busy": {
"description":
"Number of times a flow was found in the hash but the lock for hash bucket could not be obtained",
"type": "integer"
},
"get_used_eval_reject": {
"description":
"Number of flows that were evaluated but rejected from reuse as they were still alive/active",
"type": "integer"
},
"get_used_failed": {
"description":
"Number of times retrieval of flow from hash was attempted but was unsuccessful",
"type": "integer"
},
"icmpv4": {
"description": "Number of ICMPv4 flows",
"type": "integer"
},
"icmpv6": {
"description": "Number of ICMPv6 flows",
"type": "integer"
},
"memcap": {
"description": "Number of times memcap was reached for flows",
"type": "integer"
},
"memcap_exception_policy": {
"description":
"How many times flow memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"memuse": {
"description": "Memory currently in use by the flows",
"type": "integer"
},
"spare": {
"description": "Number of flows in the spare pool",
"type": "integer"
},
"tcp": {
"description": "Number of TCP flows",
"type": "integer"
},
"tcp_reuse": {
"description":
"Number of TCP flows that were reused as they seemed to share the same flow tuple",
"type": "integer"
},
"total": {
"description": "Total number of flows",
"type": "integer"
},
"udp": {
"description": "Number of UDP flows",
"type": "integer"
},
"end": {
"type": "object",
"properties": {
"state": {
"type": "object",
"properties": {
"new": {
"type": "integer"
},
"established": {
"type": "integer"
},
"closed": {
"type": "integer"
},
"local_bypassed": {
"type": "integer"
},
"capture_bypassed": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp_state": {
"type": "object",
"properties": {
"none": {
"type": "integer"
},
"syn_sent": {
"type": "integer"
},
"syn_recv": {
"type": "integer"
},
"established": {
"type": "integer"
},
"fin_wait1": {
"type": "integer"
},
"fin_wait2": {
"type": "integer"
},
"time_wait": {
"type": "integer"
},
"last_ack": {
"type": "integer"
},
"close_wait": {
"type": "integer"
},
"closing": {
"type": "integer"
},
"closed": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp_liberal": {
"type": "integer"
}
},
"additionalProperties": false
},
"mgr": {
"type": "object",
"properties": {
"flows_checked": {
"description":
"number of flows checked for timeout in the last pass",
"type": "integer"
},
"flows_evicted": {
"description": "number of flows that were evicted",
"type": "integer"
},
"flows_evicted_needs_work": {
"description":
"number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work",
"type": "integer"
},
"flows_notimeout": {
"description": "number of flows that did not time out",
"type": "integer"
},
"flows_timeout": {
"description": "number of flows that reached the time out",
"type": "integer"
},
"full_hash_pass": {
"description":
"number of times a full pass of the hash table was done",
"type": "integer"
},
"rows_maxlen": {
"description": "size of the biggest row in the hash table",
"type": "integer"
},
"rows_per_sec": {
"description":
"number of rows to be scanned every second by a worker",
"type": "integer"
}
},
"additionalProperties": false
},
"recycler": {
"type": "object",
"properties": {
"recycled": {
"description": "number of recycled flows",
"type": "integer"
},
"queue_avg": {
"description": "average number of recycled flows per queue",
"type": "integer"
},
"queue_max": {
"description": "maximum number of recycled flows per queue",
"type": "integer"
}
},
"additionalProperties": false
},
"wrk": {
"type": "object",
"properties": {
"flows_evicted": {
"type": "integer"
},
"flows_evicted_needs_work": {
"type": "integer"
},
"flows_evicted_pkt_inject": {
"type": "integer"
},
"flows_injected": {
"type": "integer"
},
"flows_injected_max": {
"type": "integer"
},
"spare_sync": {
"type": "integer"
},
"spare_sync_avg": {
"type": "integer"
},
"spare_sync_empty": {
"type": "integer"
},
"spare_sync_incomplete": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"flow_bypassed": {
"type": "object",
"properties": {
"bytes": {
"type": "integer"
},
"closed": {
"type": "integer"
},
"local_bytes": {
"type": "integer"
},
"local_capture_bytes": {
"type": "integer"
},
"local_capture_pkts": {
"type": "integer"
},
"local_pkts": {
"type": "integer"
},
"pkts": {
"type": "integer"
}
},
"additionalProperties": false
},
"flow_mgr": {
"type": "object",
"properties": {
"bypassed_pruned": {
"type": "integer"
},
"closed_pruned": {
"type": "integer"
},
"est_pruned": {
"type": "integer"
},
"flows_checked": {
"type": "integer"
},
"flows_notimeout": {
"type": "integer"
},
"flows_removed": {
"type": "integer"
},
"flows_timeout": {
"type": "integer"
},
"new_pruned": {
"type": "integer"
},
"rows_busy": {
"type": "integer"
},
"rows_checked": {
"type": "integer"
},
"rows_empty": {
"type": "integer"
},
"rows_maxlen": {
"type": "integer"
},
"rows_skipped": {
"type": "integer"
}
},
"additionalProperties": false
},
"memcap": {
"type": "object",
"properties": {
"pressure": {
"description":
"Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http",
"type": "integer"
},
"pressure_max": {
"description": "Maximum pressure seen by the engine",
"type": "integer"
}
},
"additionalProperties": false
},
"ftp": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
},
"http": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
},
"byterange": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"host": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
},
"ippair": {
"type": "object",
"properties": {
"memcap": {
"type": "integer"
},
"memuse": {
"type": "integer"
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"ack_unseen_data": {
"type": "integer"
},
"active_sessions": {
"type": "integer"
},
"insert_data_normal_fail": {
"type": "integer"
},
"insert_data_overlap_fail": {
"type": "integer"
},
"insert_list_fail": {
"type": "integer"
},
"invalid_checksum": {
"type": "integer"
},
"memuse": {
"type": "integer"
},
"midstream_pickups": {
"type": "integer"
},
"midstream_exception_policy": {
"description":
"How many times midstream exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"no_flow": {
"type": "integer"
},
"overlap": {
"type": "integer"
},
"overlap_diff_data": {
"type": "integer"
},
"pkt_on_wrong_thread": {
"type": "integer"
},
"pseudo": {
"type": "integer"
},
"reassembly_exception_policy": {
"description":
"How many times reassembly memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"reassembly_gap": {
"type": "integer"
},
"reassembly_memuse": {
"type": "integer"
},
"rst": {
"type": "integer"
},
"segment_memcap_drop": {
"type": "integer"
},
"segment_from_cache": {
"type": "integer"
},
"segment_from_pool": {
"type": "integer"
},
"sessions": {
"type": "integer"
},
"ssn_from_cache": {
"type": "integer"
},
"ssn_from_pool": {
"type": "integer"
},
"ssn_memcap_drop": {
"type": "integer"
},
"ssn_memcap_exception_policy": {
"description":
"How many times session memcap exception policy was applied, and which one",
"$ref": "#/$defs/exceptionPolicy"
},
"stream_depth_reached": {
"type": "integer"
},
"syn": {
"type": "integer"
},
"synack": {
"type": "integer"
},
"urg": {
"description": "Number of TCP packets with the urgent flag set",
"type": "integer"
},
"urgent_oob_data": {
"description": "Number of OOB bytes tracked in TCP urgent handling",
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"tcp": {
"type": "object",
"properties": {
"ack": {
"type": "boolean"
},
"cwr": {
"type": "boolean"
},
"ecn": {
"type": "boolean"
},
"fin": {
"type": "boolean"
},
"psh": {
"type": "boolean"
},
"rst": {
"type": "boolean"
},
"state": {
"type": "string"
},
"syn": {
"type": "boolean"
},
"tc_gap": {
"type": "boolean"
},
"tc_max_regions": {
"type": "integer"
},
"tc_urgent_oob_data": {
"description":
"Number of Out-of-Band bytes sent by server using TCP urgent packets",
"type": "integer"
},
"tcp_flags": {
"type": "string"
},
"tcp_flags_tc": {
"type": "string"
},
"tcp_flags_ts": {
"type": "string"
},
"ts_gap": {
"type": "boolean"
},
"ts_max_regions": {
"type": "integer"
},
"ts_urgent_oob_data": {
"description":
"Number of Out-of-Band bytes sent by client using TCP urgent packets",
"type": "integer"
},
"urg": {
"type": "boolean"
}
},
"additionalProperties": true
},
"template": {
"type": "object",
"properties": {
"request": {
"type": "string"
},
"response": {
"type": "string"
}
},
"additionalProperties": false
},
"tftp": {
"type": "object",
"properties": {
"file": {
"type": "string"
},
"mode": {
"type": "string"
},
"packet": {
"type": "string"
}
},
"additionalProperties": false
},
"tls": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"suricata": {
"keywords": [
"tls.certs"
]
}
},
"chain": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
},
"suricata": {
"keywords": [
"tls.certs",
"tls.cert_chain_len"
]
}
},
"client": {
"type": "object",
"properties": {
"certificate": {
"type": "string",
"suricata": {
"keywords": [
"tls.certs"
]
}
},
"chain": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
},
"suricata": {
"keywords": [
"tls.certs",
"tls.cert_chain_len"
]
}
},
"fingerprint": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_fingerprint",
"tls.fingerprint"
]
}
},
"issuerdn": {
"suricata": {
"keywords": [
"tls.cert_issuer",
"tls.issuerdn"
]
},
"type": "string"
},
"subjectaltname": {
"description": "TLS Subject Alternative Name field",
"type": "array",
"suricata": {
"keywords": [
"tls.subjectaltname"
]
},
"items": {
"type": "string"
}
},
"notafter": {
"$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notafter",
"tls_cert_expired",
"tls_cert_valid"
]
}
},
"notbefore": {
"$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notbefore",
"tls_cert_expired",
"tls_cert_valid"
]
}
},
"serial": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_serial"
]
}
},
"subject": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_subject",
"tls.subject"
]
}
}
},
"additionalProperties": false
},
"client_alpns": {
"description": "TLS client ALPN field(s)",
"type": "array",
"suricata": {
"keywords": [
"tls.alpn"
]
},
"items": {
"type": "string"
}
},
"server_alpns": {
"description": "TLS server ALPN field(s)",
"type": "array",
"suricata": {
"keywords": [
"tls.alpn"
]
},
"items": {
"type": "string"
}
},
"fingerprint": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_fingerprint",
"tls.fingerprint"
]
}
},
"from_proto": {
"type": "string"
},
"issuerdn": {
"suricata": {
"keywords": [
"tls.cert_issuer",
"tls.issuerdn"
]
},
"type": "string"
},
"subjectaltname": {
"description": "TLS Subject Alternative Name field",
"type": "array",
"suricata": {
"keywords": [
"tls.subjectaltname"
]
},
"items": {
"type": "string"
}
},
"notafter": {
"$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notafter",
"tls_cert_expired",
"tls_cert_valid"
]
}
},
"notbefore": {
"$ref": "#/$defs/tls_date",
"suricata": {
"keywords": [
"tls_cert_notbefore",
"tls_cert_expired",
"tls_cert_valid"
]
}
},
"serial": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_serial"
]
}
},
"session_resumed": {
"type": "boolean"
},
"sni": {
"type": "string",
"suricata": {
"keywords": [
"tls.sni"
]
}
},
"subject": {
"type": "string",
"suricata": {
"keywords": [
"tls.cert_subject",
"tls.subject"
]
}
},
"version": {
"type": "string",
"suricata": {
"keywords": [
"tls.version"
]
}
},
"ja3": {
"type": "object",
"properties": {
"hash": {
"suricata": {
"keywords": [
"ja3.hash"
]
},
"type": "string"
},
"string": {
"suricata": {
"keywords": [
"ja3s.string"
]
},
"type": "string"
}
},
"additionalProperties": false
},
"ja3s": {
"type": "object",
"properties": {
"hash": {
"suricata": {
"keywords": [
"ja3s.hash"
]
},
"type": "string"
},
"string": {
"suricata": {
"keywords": [
"ja3s.string"
]
},
"type": "string"
}
},
"additionalProperties": false
},
"ja4": {
"suricata": {
"keywords": [
"ja4.hash"
]
},
"type": "string"
}
},
"additionalProperties": false
},
"traffic": {
"type": "object",
"properties": {
"id": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"label": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"tunnel": {
"type": "object",
"properties": {
"depth": {
"type": "integer"
},
"dest_ip": {
"type": "string"
},
"dest_port": {
"type": "integer"
},
"pcap_cnt": {
"type": "integer"
},
"pkt_src": {
"type": "string"
},
"proto": {
"type": "string"
},
"src_ip": {
"type": "string"
},
"src_port": {
"type": "integer"
}
},
"additionalProperties": false
},
"websocket": {
"type": "object",
"properties": {
"fin": {
"type": "boolean"
},
"mask": {
"type": "integer"
},
"opcode": {
"type": "string"
},
"payload_base64": {
"type": "string"
},
"payload_printable": {
"type": "string"
}
},
"additionalProperties": false
}
},
"$defs": {
"dns.soa": {
"type": "object",
"properties": {
"expire": {
"type": "integer"
},
"minimum": {
"type": "integer"
},
"mname": {
"type": "string"
},
"refresh": {
"type": "integer"
},
"retry": {
"type": "integer"
},
"rname": {
"type": "string"
},
"serial": {
"type": "integer"
},
"mname_truncated": {
"description":
"Set to true if the mname was too long and truncated by Suricata",
"type": "boolean"
}
},
"additionalProperties": false
},
"dns.authorities": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"rdata": {
"type": "string",
"suricata": {
"keywords": [
"dns.response.rrname"
]
}
},
"rrname": {
"type": "string",
"suricata": {
"keywords": [
"dns.authorities.rrname",
"dns.response.rrname"
]
}
},
"rrtype": {
"type": "string"
},
"ttl": {
"type": "integer"
},
"soa": {
"$ref": "#/$defs/dns.soa"
},
"rdata_truncated": {
"description":
"Set to true if the rdata was too long and truncated by Suricata",
"type": "boolean"
},
"rrname_truncated": {
"description":
"Set to true if the rrname was too long and truncated by Suricata",
"type": "boolean"
}
},
"additionalProperties": false
}
},
"dns.additionals": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"rdata": {
"type": "string",
"suricata": {
"keywords": [
"dns.response.rrname"
]
}
},
"rrname": {
"type": "string",
"suricata": {
"keywords": [
"dns.additionals.rrname",
"dns.response.rrname"
]
}
},
"rrtype": {
"type": "string"
},
"ttl": {
"type": "integer"
},
"opt": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"code": {
"type": "integer"
},
"data": {
"type": "string"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"stats_applayer_error": {
"type": "object",
"properties": {
"gap": {
"description": "Number of errors processing gaps",
"type": "integer"
},
"alloc": {
"description": "Number of errors allocating memory",
"type": "integer"
},
"parser": {
"description": "Number of errors reported by parser",
"type": "integer"
},
"internal": {
"description": "Number of internal parser errors",
"type": "integer"
},
"exception_policy": {
"description":
"Number of times the app-layer error exception policy was applied, counted per policy action",
"$ref": "#/$defs/exceptionPolicy"
}
},
"additionalProperties": false
},
"tls_date": {
"$comment": "Definition for TLS date formats",
"type": "string",
"pattern": "^[1-2]\\d{3}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$"
},
"verdict_type": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"reject": {
"type": "array",
"items": {
"type": "string",
"oneOf": [
{
"enum": [
"icmp-prohib",
"tcp-reset"
]
}
]
}
},
"reject-target": {
"type": "string",
"oneOf": [
{
"enum": [
"to_client",
"to_server",
"both"
]
}
]
}
}
},
"exceptionPolicy": {
"type": "object",
"properties": {
"drop_flow": {
"type": "integer",
"minimum": 0
},
"drop_packet": {
"type": "integer",
"minimum": 0
},
"pass_flow": {
"type": "integer",
"minimum": 0
},
"pass_packet": {
"type": "integer",
"minimum": 0
},
"bypass": {
"type": "integer",
"minimum": 0
},
"reject": {
"type": "integer",
"minimum": 0
}
}
}
}
}