"type": "integer"
},
"tx_guessed": {
- "description": "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect",
+ "description":
+ "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect",
"type": "boolean"
},
"files": {
"type": "boolean"
},
"rcode": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.rcode"
+ ]
+ }
},
"rd": {
"type": "boolean"
"type": "object",
"properties": {
"rdata": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.response.rrname"
+ ]
+ }
},
"rrname": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.answers.rrname",
+ "dns.response.rrname"
+ ]
+ }
},
"rrtype": {
"type": "string"
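Review bot: The `rdata` property in this answers block is mapped to the `dns.response.rrname` keyword, but `rdata` is only a domain name for a subset of record types (CNAME, NS, PTR, MX and similar); for A, AAAA or TXT answers the string is an address or free text that such a keyword presumably would not match. If `dns.response.rrname` is defined to cover name-typed rdata only, the schema should say so rather than implying a blanket mapping, for example `"description": "Record data; matched by dns.response.rrname only when the rdata is a domain name (e.g. CNAME, NS, PTR)"` on the `rdata` entry. Note that `rrtype` in this same section deliberately carries no keyword, unlike the query-side `rrtype`, so the asymmetry is presumably intended and would also benefit from a one-line description. The enclosing answers object is cut at both edges of this hunk.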
"type": "integer"
},
"rrname": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.queries.rrname",
+ "dns.query"
+ ]
+ }
},
"rrtype": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.rrtype"
+ ]
+ }
},
"tx_id": {
"type": "integer"
},
"opcode": {
"description": "DNS opcode as an integer",
- "type": "integer"
+ "type": "integer",
+ "suricata": {
+ "keywords": [
+ "dns.opcode"
+ ]
+ }
},
"rrname_truncated": {
- "description": "Set to true if the rrname was too long and truncated by Suricata",
+ "description":
+ "Set to true if the rrname was too long and truncated by Suricata",
"type": "boolean"
}
},
"type": "integer"
},
"tc_urgent_oob_data": {
- "description": "Number of Out-of-Band bytes sent by server using TCP urgent packets",
+ "description":
+ "Number of Out-of-Band bytes sent by server using TCP urgent packets",
"type": "integer"
},
"tcp_flags": {
"type": "integer"
},
"ts_urgent_oob_data": {
- "description": "Number of Out-of-Band bytes sent by client using TCP urgent packets",
+ "description":
+ "Number of Out-of-Band bytes sent by client using TCP urgent packets",
"type": "integer"
},
"urg": {
"type": "integer"
},
"mname_truncated": {
- "description": "Set to true if the mname was too long and truncated by Suricata",
+ "description":
+ "Set to true if the mname was too long and truncated by Suricata",
"type": "boolean"
}
},
"type": "object",
"properties": {
"rdata": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.response.rrname"
+ ]
+ }
},
"rrname": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.authorities.rrname",
+ "dns.response.rrname"
+ ]
+ }
},
"rrtype": {
"type": "string"
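Review bot: The authorities `rdata` property gets the same `dns.response.rrname` keyword as its `rrname` sibling, yet the two carry different data: `rrname` is always an owner name while `rdata` for SOA (the common authority record, and the one `dns.soa` is referenced for just below this hunk) is structured record data rather than a bare name. A short description pinning what the keyword actually matches would keep rule authors from assuming arbitrary rdata is searchable, e.g. `"description": "Record data; dns.response.rrname applies only where this is a domain name"`. If the keyword does match the full rdata string regardless of rrtype, the description should state that instead. The authorities object starts before the first line of this hunk and ends after it.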
"$ref": "#/$defs/dns.soa"
},
"rdata_truncated": {
- "description": "Set to true if the rdata was too long and truncated by Suricata",
+ "description":
+ "Set to true if the rdata was too long and truncated by Suricata",
"type": "boolean"
},
"rrname_truncated": {
- "description": "Set to true if the rrname was too long and truncated by Suricata",
+ "description":
+ "Set to true if the rrname was too long and truncated by Suricata",
"type": "boolean"
}
},
"type": "object",
"properties": {
"rdata": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.response.rrname"
+ ]
+ }
},
"rrname": {
- "type": "string"
+ "type": "string",
+ "suricata": {
+ "keywords": [
+ "dns.additionals.rrname",
+ "dns.response.rrname"
+ ]
+ }
},
"rrtype": {
"type": "string"