"type": "integer"
},
"lease_time": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "dhcp.leasetime"
+ ]
+ }
},
"next_server_ip": {
"type": "string"
}
},
"rebinding_time": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "dhcp.rebinding_time"
+ ]
+ }
},
"relay_ip": {
"type": "string"
},
"renewal_time": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "dhcp.renewal_time"
+ ]
+ }
},
"requested_ip": {
"type": "string"
"additionalProperties": false,
"properties": {
"class_name": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_class"
+ ]
+ }
},
"multiple": {
"type": "array",
"additionalProperties": false,
"properties": {
"class_name": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_class"
+ ]
+ }
},
"path": {
"type": "array",
"type": "string"
},
"value": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.cip_attribute",
+ "enip.cip_class",
+ "enip.cip_instance"
+ ]
+ }
}
}
}
"type": "string"
},
"value": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.cip_attribute",
+ "enip.cip_class",
+ "enip.cip_instance"
+ ]
+ }
}
}
}
}
},
"command": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.command"
+ ]
+ }
},
"register_session": {
"type": "object",
"type": "integer"
},
"protocol_version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.protocol_version"
+ ]
+ }
}
}
},
"status": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.status"
+ ]
+ }
}
}
},
"type": "string"
},
"status": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_status"
+ ]
+ }
},
"status_extended": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_extendedstatus"
+ ]
+ }
},
"status_extended_meaning": {
"type": "string"
"type": "string"
},
"status": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_status"
+ ]
+ }
},
"status_extended": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.cip_extendedstatus"
+ ]
+ }
},
"status_extended_meaning": {
"type": "string"
}
},
"command": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.command"
+ ]
+ }
},
"identity": {
"type": "object",
"additionalProperties": false,
"properties": {
"device_type": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.device_type"
+ ]
+ }
},
"product_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.product_code"
+ ]
+ }
},
"product_name": {
"type": "string"
},
"protocol_version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.protocol_version"
+ ]
+ }
},
"revision": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.revision"
+ ]
+ }
},
"serial": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.serial"
+ ]
+ }
},
"state": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.state"
+ ]
+ }
},
"status": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.identity_status"
+ ]
+ }
},
"vendor_id": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.vendor_id"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"capabilities": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.capabilities"
+ ]
+ }
},
"protocol_version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.protocol_version"
+ ]
+ }
},
"service_name": {
"type": "string"
"type": "integer"
},
"protocol_version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "enip.protocol_version"
+ ]
+ }
}
}
},
"status": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "enip.status"
+ ]
+ }
}
}
}
},
"size": {
"type": "integer",
- "description": "The observed size fo the file, in bytes"
+ "description": "The observed size fo the file, in bytes",
+ "suricata": {
+ "keywords": [
+ "filesize"
+ ]
+ }
},
"start": {
"type": "integer",
}
},
"dynamic_port": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "ftp.dynamic_port"
+ ]
+ }
},
"mode": {
"type": "string"
"type": "string"
},
"priority": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "http2.priority"
+ ]
+ }
},
"settings": {
"type": "array",
"type": "string"
},
"table_size_update": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "http2.size_update"
+ ]
+ }
},
"value": {
"type": "string"
"type": "string"
},
"table_size_update": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "http2.size_update"
+ ]
+ }
},
"value": {
"type": "string"
}
},
"icmp_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "icode"
+ ]
+ }
},
"icmp_type": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "itype"
+ ]
+ }
},
"ike": {
"type": "object",
"type": "integer"
},
"exchange_type": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "ike.exchtype"
+ ]
+ }
},
"exchange_type_verbose": {
"type": "string"
"type": "string"
},
"key_exchange_payload_length": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "ike.key_exchange_payload_length"
+ ]
+ }
},
"nonce_payload": {
"type": "string"
},
"nonce_payload_length": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "ike.nonce_payload_length"
+ ]
+ }
},
"proposals": {
"type": "array",
"mqtt": {
"type": "object",
"additionalProperties": false,
+ "suricata": {
+ "keywords": [
+ "mqtt.type"
+ ]
+ },
"properties": {
"connack": {
"type": "object",
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"properties": {
"type": "object",
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"return_code": {
"type": "integer"
"type": "string"
},
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"flags": {
"type": "object",
"additionalProperties": false,
+ "suricata": {
+ "keywords": [
+ "mqtt.connect.flags"
+ ]
+ },
"properties": {
"clean_session": {
"type": "boolean"
"type": "string"
},
"protocol_version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.protocol_version"
+ ]
+ }
},
"qos": {
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"username": {
"type": "string"
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"properties": {
"type": "object",
"type": "integer"
},
"reason_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
+ }
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"qos": {
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"qos": {
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"reason_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
+ }
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"reason_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
+ }
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message": {
"type": "string"
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"skipped_length": {
"type": "integer"
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"reason_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
+ }
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"reason_code": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
+ }
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
}
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"topics": {
"type": "array",
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"minItems": 1,
"items": {
"type": "integer"
+ },
+ "suricata": {
+ "keywords": [
+ "mqtt.reason_code"
+ ]
}
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
}
}
},
"additionalProperties": false,
"properties": {
"dup": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"message_id": {
"type": "integer"
"type": "integer"
},
"retain": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "mqtt.flags"
+ ]
+ }
},
"topics": {
"type": "array",
"type": "integer"
},
"procedure": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "nfs_procedure"
+ ]
+ }
},
"read": {
"type": "object",
"type": "string"
},
"version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "nfs.version"
+ ]
+ }
},
"write": {
"type": "object",
"additionalProperties": false,
"properties": {
"security_result": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "rfb.secresult"
+ ]
+ }
},
"security_type": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "rfb.sectype"
+ ]
+ }
},
"vnc": {
"type": "object",
"type": "string"
},
"pdu_type": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "snmp.pdu_type"
+ ]
+ }
},
"usm": {
"type": "string"
}
},
"version": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "snmp.version"
+ ]
+ }
}
},
"optional": true
},
"vlan": {
"type": "array",
+ "suricata": {
+ "keywords": [
+ "vlan.layers"
+ ]
+ },
"minItems": 1,
"items": {
- "type": "number"
+ "type": "number",
+ "suricata": {
+ "keywords": [
+ "vlan.id"
+ ]
+ }
}
},
"websocket": {
"additionalProperties": false,
"properties": {
"fin": {
- "type": "boolean"
+ "type": "boolean",
+ "suricata": {
+ "keywords": [
+ "websocket.flags"
+ ]
+ }
},
"mask": {
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "websocket.mask"
+ ]
+ }
},
"opcode": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "websocket.opcode"
+ ]
+ }
},
"payload_base64": {
"type": "string"
projects / thirdparty / suricata.git / commitdiff
