29.1. EVE Index

29.1.1. Top Level (object)

Name	Type	Description
app_proto	string
app_proto_expected	string
app_proto_orig	string
app_proto_tc	string
app_proto_ts	string
capture_file	string
community_id	string
dest_ip	string
dest_port	integer
event_type	string
flow_id	integer
host	string	the sensor-name, if configured
icmp_code	integer
icmp_type	integer
in_iface	string
log_level	string
packet	string
parent_id	integer
payload	string
payload_length	integer
payload_printable	string
pcap_cnt	integer
pcap_filename	string
pkt_src	string
proto	string
response_icmp_code	integer
response_icmp_type	integer
spi	integer
src_ip	string
src_port	integer
stream	integer
timestamp	string
verdict	object
direction	string
tx_id	integer
tx_guessed	boolean	the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect
files	array of objects
vlan	array of numbers
alert	object
stream_tcp	object
anomaly	object
arp	object
bittorrent_dht	object
dcerpc	object
dhcp	object
dnp3	object
dns	object
drop	object
email	object
engine	object
enip	object
ether	object
fileinfo	object
flow	object
frame	object
ftp	object
ftp_data	object
http	object
ike	object
krb5	object
ldap	object
metadata	object
modbus	object
mqtt	object
netflow	object
nfs	object
packet_info	object
pgsql	object
quic	object
rdp	object
rfb	object
rpc	object
sip	object
smb	object
smtp	object
snmp	object
ssh	object
stats	object
tcp	object
template	object
tftp	object
tls	object
traffic	object
tunnel	object
websocket	object

29.1.2. websocket (object)

Name	Type	Description
fin	boolean
mask	integer
opcode	string
payload_base64	string
payload_printable	string

29.1.3. tunnel (object)

Name	Type	Description
depth	integer
dest_ip	string
dest_port	integer
pcap_cnt	integer
pkt_src	string
proto	string
src_ip	string
src_port	integer

29.1.4. traffic (object)

Name	Type	Description
id	array of strings
label	array of strings

29.1.5. tls (object)

Name	Type	Description
certificate	string
chain	array of strings
client	object
client_alpns	array of strings	TLS client ALPN field(s)
server_alpns	array of strings	TLS server ALPN field(s)
fingerprint	string
from_proto	string
issuerdn	string
subjectaltname	array of strings	TLS Subject Alternative Name field
notafter	string
notbefore	string
serial	string
session_resumed	boolean
sni	string
subject	string
version	string
ja3	object
ja3s	object
ja4	string

29.1.6. tls.ja3s (object)

Name	Type	Description
hash	string
string	string

29.1.7. tls.ja3 (object)

Name	Type	Description
hash	string
string	string

29.1.8. tls.client (object)

Name	Type	Description
certificate	string
chain	array of strings
fingerprint	string
issuerdn	string
subjectaltname	array of strings	TLS Subject Alternative Name field
notafter	string
notbefore	string
serial	string
subject	string

29.1.9. tftp (object)

Name	Type	Description
file	string
mode	string
packet	string

29.1.10. template (object)

Name	Type	Description
request	string
response	string

29.1.11. tcp (object)

Name	Type	Description
ack	boolean
cwr	boolean
ecn	boolean
fin	boolean
psh	boolean
rst	boolean
state	string
syn	boolean
tc_gap	boolean
tc_max_regions	integer
tc_urgent_oob_data	integer	Number of Out-of-Band bytes sent by server using TCP urgent packets
tcp_flags	string
tcp_flags_tc	string
tcp_flags_ts	string
ts_gap	boolean
ts_max_regions	integer
ts_urgent_oob_data	integer	Number of Out-of-Band bytes sent by client using TCP urgent packets
urg	boolean

29.1.12. stats (object)

Name	Type	Description
uptime	integer	Suricata engine's uptime
capture	object
app_layer	object
ips	object
decoder	object
defrag	object
detect	object
file_store	object
flow	object
flow_bypassed	object
flow_mgr	object
memcap	object
ftp	object
http	object
host	object
ippair	object
tcp	object

29.1.13. stats.tcp (object)

Name	Type	Description
ack_unseen_data	integer
active_sessions	integer
insert_data_normal_fail	integer
insert_data_overlap_fail	integer
insert_list_fail	integer
invalid_checksum	integer
memuse	integer
midstream_pickups	integer
midstream_exception_policy	object
no_flow	integer
overlap	integer
overlap_diff_data	integer
pkt_on_wrong_thread	integer
pseudo	integer
reassembly_exception_policy	object
reassembly_gap	integer
reassembly_memuse	integer
rst	integer
segment_memcap_drop	integer
segment_from_cache	integer
segment_from_pool	integer
sessions	integer
ssn_from_cache	integer
ssn_from_pool	integer
ssn_memcap_drop	integer
ssn_memcap_exception_policy	object
stream_depth_reached	integer
syn	integer
synack	integer
urg	integer	Number of TCP packets with the urgent flag set
urgent_oob_data	integer	Number of OOB bytes tracked in TCP urgent handling

29.1.14. stats.tcp.ssn_memcap_exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.15. stats.tcp.reassembly_exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.16. stats.tcp.midstream_exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.17. stats.ippair (object)

Name	Type	Description
memcap	integer
memuse	integer

29.1.18. stats.host (object)

Name	Type	Description
memcap	integer
memuse	integer

29.1.19. stats.http (object)

Name	Type	Description
memcap	integer
memuse	integer
byterange	object

29.1.20. stats.http.byterange (object)

Name	Type	Description
memcap	integer
memuse	integer

29.1.21. stats.ftp (object)

Name	Type	Description
memcap	integer
memuse	integer

29.1.22. stats.memcap (object)

Name	Type	Description
pressure	integer	Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http
pressure_max	integer	Maximum pressure seen by the engine

29.1.23. stats.flow_mgr (object)

Name	Type	Description
bypassed_pruned	integer
closed_pruned	integer
est_pruned	integer
flows_checked	integer
flows_notimeout	integer
flows_removed	integer
flows_timeout	integer
new_pruned	integer
rows_busy	integer
rows_checked	integer
rows_empty	integer
rows_maxlen	integer
rows_skipped	integer

29.1.24. stats.flow_bypassed (object)

Name	Type	Description
bytes	integer
closed	integer
local_bytes	integer
local_capture_bytes	integer
local_capture_pkts	integer
local_pkts	integer
pkts	integer

29.1.25. stats.flow (object)

Name	Type	Description
active	integer	Number of currently active flows
emerg_mode_entered	integer	Number of times emergency mode was entered
emerg_mode_over	integer	Number of times recovery was made from emergency mode
get_used	integer	Number of reused flows from the hash table in case memcap was reached and spare pool was empty
get_used_eval	integer	Number of attempts at getting a flow directly from the hash
get_used_eval_busy	integer	Number of times a flow was found in the hash but the lock for hash bucket could not be obtained
get_used_eval_reject	integer	Number of flows that were evaluated but rejected from reuse as they were still alive/active
get_used_failed	integer	Number of times retrieval of flow from hash was attempted but was unsuccessful
icmpv4	integer	Number of ICMPv4 flows
icmpv6	integer	Number of ICMPv6 flows
memcap	integer	Number of times memcap was reached for flows
memcap_exception_policy	object
memuse	integer	Memory currently in use by the flows
spare	integer	Number of flows in the spare pool
tcp	integer	Number of TCP flows
tcp_reuse	integer	Number of TCP flows that were reused as they seemed to share the same flow tuple
total	integer	Total number of flows
udp	integer	Number of UDP flows
end	object
mgr	object
recycler	object
wrk	object

29.1.26. stats.flow.wrk (object)

Name	Type	Description
flows_evicted	integer
flows_evicted_needs_work	integer
flows_evicted_pkt_inject	integer
flows_injected	integer
flows_injected_max	integer
spare_sync	integer
spare_sync_avg	integer
spare_sync_empty	integer
spare_sync_incomplete	integer

29.1.27. stats.flow.recycler (object)

Name	Type	Description
recycled	integer	number of recycled flows
queue_avg	integer	average number of recycled flows per queue
queue_max	integer	maximum number of recycled flows per queue

29.1.28. stats.flow.mgr (object)

Name	Type	Description
flows_checked	integer	number of flows checked for timeout in the last pass
flows_evicted	integer	number of flows that were evicted
flows_evicted_needs_work	integer	number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work
flows_notimeout	integer	number of flows that did not time out
flows_timeout	integer	number of flows that reached the time out
full_hash_pass	integer	number of times a full pass of the hash table was done
rows_maxlen	integer	size of the biggest row in the hash table
rows_per_sec	integer	number of rows to be scanned every second by a worker

29.1.29. stats.flow.end (object)

Name	Type	Description
state	object
tcp_state	object
tcp_liberal	integer

29.1.30. stats.flow.end.tcp_state (object)

Name	Type	Description
none	integer
syn_sent	integer
syn_recv	integer
established	integer
fin_wait1	integer
fin_wait2	integer
time_wait	integer
last_ack	integer
close_wait	integer
closing	integer
closed	integer

29.1.31. stats.flow.end.state (object)

Name	Type	Description
new	integer
established	integer
closed	integer
local_bypassed	integer
capture_bypassed	integer

29.1.32. stats.flow.memcap_exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.33. stats.file_store (object)

Name	Type	Description
fs_errors	integer
open_files	integer
open_files_max_hit	integer

29.1.34. stats.detect (object)

Name	Type	Description
alert	integer
alert_queue_overflow	integer
alerts_suppressed	integer
lua	object
mpm_list	integer
nonmpm_list	integer
fnonmpm_list	integer
match_list	integer
engines	array of objects

29.1.35. stats.detect.engines (array of objects)

Name	Type	Description
id	integer
last_reload	string
rules_loaded	integer
rules_failed	integer
rules_skipped	integer

29.1.36. stats.detect.lua (object)

Name	Type	Description
blocked_function_errors	integer	Counter for Lua scripts failing due to blocked functions being called
instruction_limit_errors	integer	Count of Lua rules exceeding the instruction limit
memory_limit_errors	integer	Count of Lua rules exceeding the memory limit
errors	integer	Errors encountered while running Lua scripts

29.1.37. stats.defrag (object)

Name	Type	Description
tracker_soft_reuse	integer	Finished tracker re-used from hash table before being moved to spare pool
tracker_hard_reuse	integer	Active tracker force closed before completion and reused for new tracker
max_trackers_reached	integer	How many times a packet wasn't reassembled due to max-trackers limit being reached
max_frags_reached	integer	How many times a fragment wasn't stored due to max-frags limit being reached
memuse	integer	Current memory use.
memcap_exception_policy	object
ipv4	object
ipv6	object
mgr	object
wrk	object

29.1.38. stats.defrag.wrk (object)

Name	Type	Description
tracker_timeout	integer

29.1.39. stats.defrag.mgr (object)

Name	Type	Description
tracker_timeout	integer

29.1.40. stats.defrag.ipv6 (object)

Name	Type	Description
fragments	integer
reassembled	integer
timeouts	integer

29.1.41. stats.defrag.ipv4 (object)

Name	Type	Description
fragments	integer
reassembled	integer
timeouts	integer

29.1.42. stats.defrag.memcap_exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.43. stats.decoder (object)

Name	Type	Description
avg_pkt_size	integer
bytes	integer
chdlc	integer
erspan	integer
esp	integer
ethernet	integer
arp	integer
unknown_ethertype	integer
geneve	integer
gre	integer
icmpv4	integer
icmpv6	integer
ieee8021ah	integer
invalid	integer
ipv4	integer
ipv4_in_ipv6	integer
ipv6	integer
ipv6_in_ipv6	integer
max_mac_addrs_dst	integer
max_mac_addrs_src	integer
max_pkt_size	integer
mpls	integer
nsh	integer
null	integer
pkts	integer
ppp	integer
pppoe	integer
raw	integer
sctp	integer
sll	integer
tcp	integer
teredo	integer
too_many_layers	integer
udp	integer
vlan	integer
vlan_qinq	integer
vlan_qinqinq	integer
vntag	integer
vxlan	integer
event	object

29.1.44. stats.decoder.event (object)

Name	Type	Description
afpacket	object
arp	object
chdlc	object
dce	object
erspan	object
esp	object
ethernet	object
geneve	object
gre	object
icmpv4	object
icmpv6	object
ieee8021ah	object
ipraw	object
ipv4	object
ipv6	object
ltnull	object
mpls	object
nsh	object
ppp	object
pppoe	object
sctp	object
sll	object
tcp	object
udp	object
vlan	object
vntag	object
vxlan	object

29.1.45. stats.decoder.event.vxlan (object)

Name	Type	Description
unknown_payload_type	integer

29.1.46. stats.decoder.event.vntag (object)

Name	Type	Description
header_too_small	integer
unknown_type	integer

29.1.47. stats.decoder.event.vlan (object)

Name	Type	Description
header_too_small	integer
too_many_layers	integer
unknown_type	integer

29.1.48. stats.decoder.event.udp (object)

Name	Type	Description
hlen_invalid	integer
hlen_too_small	integer
pkt_too_small	integer
len_invalid	integer

29.1.49. stats.decoder.event.tcp (object)

Name	Type	Description
hlen_too_small	integer
invalid_optlen	integer
opt_duplicate	integer
opt_invalid_len	integer
pkt_too_small	integer

29.1.50. stats.decoder.event.sll (object)

Name	Type	Description
pkt_too_small	integer

29.1.51. stats.decoder.event.sctp (object)

Name	Type	Description
pkt_too_small	integer

29.1.52. stats.decoder.event.pppoe (object)

Name	Type	Description
malformed_tags	integer
pkt_too_small	integer
wrong_code	integer

29.1.53. stats.decoder.event.ppp (object)

Name	Type	Description
ip4_pkt_too_small	integer
ip6_pkt_too_small	integer
pkt_too_small	integer
unsup_proto	integer
vju_pkt_too_small	integer
wrong_type	integer

29.1.54. stats.decoder.event.nsh (object)

Name	Type	Description
bad_header_length	integer
header_too_small	integer
reserved_type	integer
unknown_payload	integer
unsupported_type	integer
unsupported_version	integer

29.1.55. stats.decoder.event.mpls (object)

Name	Type	Description
bad_label_implicit_null	integer
bad_label_reserved	integer
bad_label_router_alert	integer
header_too_small	integer
pkt_too_small	integer
unknown_payload_type	integer

29.1.56. stats.decoder.event.ltnull (object)

Name	Type	Description
pkt_too_small	integer
unsupported_type	integer

29.1.57. stats.decoder.event.ipv6 (object)

Name	Type	Description
data_after_none_header	integer
dstopts_only_padding	integer
dstopts_unknown_opt	integer
exthdr_ah_res_not_null	integer
exthdr_dupl_ah	integer
exthdr_dupl_dh	integer
exthdr_dupl_eh	integer
exthdr_dupl_fh	integer
exthdr_dupl_hh	integer
exthdr_dupl_rh	integer
exthdr_invalid_optlen	integer
exthdr_useless_fh	integer
fh_non_zero_reserved_field	integer
frag_ignored	integer
frag_invalid_length	integer
frag_overlap	integer
frag_pkt_too_large	integer
hopopts_only_padding	integer
hopopts_unknown_opt	integer
icmpv4	integer
ipv4_in_ipv6_too_small	integer
ipv4_in_ipv6_wrong_version	integer
ipv6_in_ipv6_too_small	integer
ipv6_in_ipv6_wrong_version	integer
pkt_too_small	integer
rh_type_0	integer
trunc_exthdr	integer
trunc_pkt	integer
unknown_next_header	integer
wrong_ip_version	integer
zero_len_padn	integer

29.1.58. stats.decoder.event.ipv4 (object)

Name	Type	Description
frag_ignored	integer
frag_overlap	integer
frag_pkt_too_large	integer
hlen_too_small	integer
icmpv6	integer
iplen_smaller_than_hlen	integer
opt_duplicate	integer
opt_eol_required	integer
opt_invalid	integer
opt_invalid_len	integer
opt_malformed	integer
opt_pad_required	integer
opt_unknown	integer
pkt_too_small	integer
trunc_pkt	integer
wrong_ip_version	integer

29.1.59. stats.decoder.event.ipraw (object)

Name	Type	Description
invalid_ip_version	integer

29.1.60. stats.decoder.event.ieee8021ah (object)

Name	Type	Description
header_too_small	integer

29.1.61. stats.decoder.event.icmpv6 (object)

Name	Type	Description
experimentation_type	integer
ipv6_trunc_pkt	integer
ipv6_unknown_version	integer
mld_message_with_invalid_hl	integer
pkt_too_small	integer
unassigned_type	integer
unknown_code	integer
unknown_type	integer

29.1.62. stats.decoder.event.icmpv4 (object)

Name	Type	Description
ipv4_trunc_pkt	integer
ipv4_unknown_ver	integer
pkt_too_small	integer
unknown_code	integer
unknown_type	integer

29.1.63. stats.decoder.event.gre (object)

Name	Type	Description
pkt_too_small	integer
version0_flags	integer
version0_hdr_too_big	integer
version0_malformed_sre_hdr	integer
version0_recur	integer
version1_chksum	integer
version1_flags	integer
version1_hdr_too_big	integer
version1_malformed_sre_hdr	integer
version1_no_key	integer
version1_recur	integer
version1_route	integer
version1_ssr	integer
version1_wrong_protocol	integer
wrong_version	integer

29.1.64. stats.decoder.event.geneve (object)

Name	Type	Description
unknown_payload_type	integer

29.1.65. stats.decoder.event.ethernet (object)

Name	Type	Description
pkt_too_small	integer
unknown_ethertype	integer

29.1.66. stats.decoder.event.esp (object)

Name	Type	Description
pkt_too_small	integer

29.1.67. stats.decoder.event.erspan (object)

Name	Type	Description
header_too_small	integer
too_many_vlan_layers	integer
unsupported_version	integer

29.1.68. stats.decoder.event.dce (object)

Name	Type	Description
pkt_too_small	integer

29.1.69. stats.decoder.event.chdlc (object)

Name	Type	Description
pkt_too_small	integer

29.1.70. stats.decoder.event.arp (object)

Name	Type	Description
pkt_too_small	integer
unsupported_hardware	integer
unsupported_protocol	integer
unsupported_pkt	integer
invalid_hardware_size	integer
invalid_protocol_size	integer
unsupported_opcode	integer

29.1.71. stats.decoder.event.afpacket (object)

Name	Type	Description
trunc_pkt	integer	Number of packets truncated by AF_PACKET

29.1.72. stats.ips (object)

Name	Type	Description
accepted	integer	Number of accepted packets
blocked	integer	Number of blocked packets
rejected	integer	Number of rejected packets
replaced	integer	Number of replaced packets
drop_reason	object	Number of dropped packets, grouped by drop reason

29.1.73. stats.ips.drop_reason (object)

Name	Type	Description
decode_error	integer	Number of packets dropped due to decoding errors
defrag_error	integer	Number of packets dropped due to defragmentation errors
defrag_memcap	integer	Number of packets dropped due to defrag memcap exception policy
flow_memcap	integer	Number of packets dropped due to flow memcap exception policy
flow_drop	integer	Number of packets dropped due to dropped flows
applayer_error	integer	Number of packets dropped due to app-layer error exception policy
applayer_memcap	integer	Number of packets dropped due to applayer memcap
rules	integer	Number of packets dropped due to rule actions
threshold_detection_filter	integer	Number of packets dropped due to threshold detection filter
stream_error	integer	Number of packets dropped due to invalid TCP stream
stream_memcap	integer	Number of packets dropped due to stream memcap exception policy
stream_midstream	integer	Number of packets dropped due to stream midstream exception policy
stream_reassembly	integer	Number of packets dropped due to stream reassembly exception policy
stream_urgent	integer	Number of packets dropped due to TCP urgent flag
nfq_error	integer	Number of packets dropped due to no NFQ verdict
tunnel_packet_drop	integer	Number of packets dropped due to inner tunnel packet being dropped

29.1.74. stats.app_layer (object)

Name	Type	Description
expectations	integer	Expectation (dynamic parallel flow) counter
error	object
flow	object
tx	object

29.1.75. stats.app_layer.tx (object)

Name	Type	Description
bittorrent-dht	integer	Number of transactions for BitTorrent DHT protocol
dcerpc_tcp	integer	Number of transactions for DCERPC/TCP protocol
dcerpc_udp	integer	Number of transactions for DCERPC/UDP protocol
dhcp	integer	Number of transactions for DHCP
dnp3	integer	Number of transactions for DNP3
dns_tcp	integer	Number of transactions for DNS/TCP protocol
dns_udp	integer	Number of transactions for DNS/UDP protocol
doh2	integer
enip_tcp	integer	Number of transactions for ENIP/TCP
enip_udp	integer	Number of transactions for ENIP/UDP
ftp	integer	Number of transactions for FTP
ftp-data	integer	Number of transactions for FTP data protocol
http	integer	Number of transactions for HTTP
http2	integer	Number of transactions for HTTP/2
ike	integer	Number of transactions for IKE protocol
ikev2	integer	Number of transactions for IKE v2 protocol
imap	integer	Number of transactions for IMAP
krb5_tcp	integer	Number of transactions for Kerberos v5/TCP protocol
krb5_udp	integer	Number of transactions for Kerberos v5/UDP protocol
ldap_tcp	integer	Number of transactions for LDAP/TCP protocol
ldap_udp	integer	Number of transactions for LDAP/UDP protocol
modbus	integer	Number of transactions for Modbus protocol
mqtt	integer	Number of transactions for MQTT protocol
nfs_tcp	integer	Number of transactions for NFS/TCP protocol
nfs_udp	integer	Number of transactions for NFS/UDP protocol
ntp	integer	Number of transactions for NTP
pgsql	integer	Number of transactions for PostgreSQL protocol
pop3	integer
quic	integer	Number of transactions for QUIC protocol
rdp	integer	Number of transactions for RDP
rfb	integer	Number of transactions for RFB protocol
sip_udp	integer	Number of transactions for SIP/UDP protocol
sip_tcp	integer	Number of transactions for SIP/TCP protocol
smb	integer	Number of transactions for SMB protocol
smtp	integer	Number of transactions for SMTP
snmp	integer	Number of transactions for SNMP
ssh	integer	Number of transactions for SSH protocol
telnet	integer	Number of transactions for Telnet protocol
tftp	integer	Number of transactions for TFTP
tls	integer	Number of transactions for TLS protocol
websocket	integer

29.1.76. stats.app_layer.flow (object)

Name	Type	Description
bittorrent-dht	integer	Number of flows for BitTorrent DHT protocol
dcerpc_tcp	integer	Number of flows for DCERPC/TCP protocol
dcerpc_udp	integer	Number of flows for DCERPC/UDP protocol
dhcp	integer	Number of flows for DHCP
dnp3	integer	Number of flows for DNP3
dns_tcp	integer	Number of flows for DNS/TCP protocol
dns_udp	integer	Number of flows for DNS/UDP protocol
doh2	integer
enip_tcp	integer	Number of flows for ENIP/TCP
enip_udp	integer	Number of flows for ENIP/UDP
failed_tcp	integer	Number of failed flows for TCP
failed_udp	integer	Number of failed flows for UDP
ftp	integer	Number of flows for FTP
ftp-data	integer	Number of flows for FTP data protocol
http	integer	Number of flows for HTTP
http2	integer	Number of flows for HTTP/2
ike	integer	Number of flows for IKE protocol
ikev2	integer	Number of flows for IKE v2 protocol
imap	integer	Number of flows for IMAP
krb5_tcp	integer	Number of flows for Kerberos v5/TCP protocol
krb5_udp	integer	Number of flows for Kerberos v5/UDP protocol
ldap_tcp	integer	Number of flows for LDAP/TCP protocol
ldap_udp	integer	Number of flows LDAP/UDP protocol
modbus	integer	Number of flows for Modbus protocol
mqtt	integer	Number of flows for MQTT protocol
nfs_tcp	integer	Number of flows for NFS/TCP protocol
nfs_udp	integer	Number of flows for NFS/UDP protocol
ntp	integer	Number of flows for NTP
pgsql	integer	Number of flows for PostgreSQL protocol
pop3	integer
quic	integer	Number of flows for QUIC protocol
rdp	integer	Number of flows for RDP
rfb	integer	Number of flows for RFB protocol
sip_udp	integer	Number of flows for SIP/UDP protocol
sip_tcp	integer	Number of flows for SIP/TCP protocol
smb	integer	Number of flows for SMB protocol
smtp	integer	Number of flows for SMTP
snmp	integer	Number of flows for SNMP
ssh	integer	Number of flows for SSH protocol
telnet	integer	Number of flows for Telnet protocol
tftp	integer	Number of flows for TFTP
tls	integer	Number of flows for TLS protocol
websocket	integer

29.1.77. stats.app_layer.error (object)

Name	Type	Description
exception_policy	object
bittorrent-dht	object
dcerpc_tcp	object
dcerpc_udp	object
dhcp	object
dnp3	object
dns_tcp	object
dns_udp	object
doh2	object
enip_tcp	object
enip_udp	object
failed_tcp	object
ftp	object
ftp-data	object
http	object
http2	object
ike	object
imap	object
krb5_tcp	object
krb5_udp	object
ldap_tcp	object
ldap_udp	object
modbus	object
mqtt	object
nfs_tcp	object
nfs_udp	object
ntp	object
pgsql	object
pop3	object
quic	object
rdp	object
rfb	object
sip_udp	object
sip_tcp	object
smb	object
smtp	object
snmp	object
ssh	object
telnet	object
tftp	object
tls	object
websocket	object

29.1.78. stats.app_layer.error.websocket (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.79. stats.app_layer.error.websocket.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.80. stats.app_layer.error.tls (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.81. stats.app_layer.error.tls.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.82. stats.app_layer.error.tftp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.83. stats.app_layer.error.tftp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.84. stats.app_layer.error.telnet (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.85. stats.app_layer.error.telnet.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.86. stats.app_layer.error.ssh (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.87. stats.app_layer.error.ssh.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.88. stats.app_layer.error.snmp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.89. stats.app_layer.error.snmp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.90. stats.app_layer.error.smtp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.91. stats.app_layer.error.smtp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.92. stats.app_layer.error.smb (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.93. stats.app_layer.error.smb.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.94. stats.app_layer.error.sip_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.95. stats.app_layer.error.sip_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.96. stats.app_layer.error.sip_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.97. stats.app_layer.error.sip_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.98. stats.app_layer.error.rfb (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.99. stats.app_layer.error.rfb.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.100. stats.app_layer.error.rdp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.101. stats.app_layer.error.rdp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.102. stats.app_layer.error.quic (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.103. stats.app_layer.error.quic.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.104. stats.app_layer.error.pop3 (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.105. stats.app_layer.error.pop3.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.106. stats.app_layer.error.pgsql (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.107. stats.app_layer.error.pgsql.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.108. stats.app_layer.error.ntp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.109. stats.app_layer.error.ntp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.110. stats.app_layer.error.nfs_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.111. stats.app_layer.error.nfs_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.112. stats.app_layer.error.nfs_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.113. stats.app_layer.error.nfs_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.114. stats.app_layer.error.mqtt (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.115. stats.app_layer.error.mqtt.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.116. stats.app_layer.error.modbus (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.117. stats.app_layer.error.modbus.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.118. stats.app_layer.error.ldap_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.119. stats.app_layer.error.ldap_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.120. stats.app_layer.error.ldap_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.121. stats.app_layer.error.ldap_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.122. stats.app_layer.error.krb5_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.123. stats.app_layer.error.krb5_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.124. stats.app_layer.error.krb5_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.125. stats.app_layer.error.krb5_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.126. stats.app_layer.error.imap (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.127. stats.app_layer.error.imap.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.128. stats.app_layer.error.ike (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.129. stats.app_layer.error.ike.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.130. stats.app_layer.error.http2 (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.131. stats.app_layer.error.http2.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.132. stats.app_layer.error.http (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.133. stats.app_layer.error.http.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.134. stats.app_layer.error.ftp-data (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.135. stats.app_layer.error.ftp-data.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.136. stats.app_layer.error.ftp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.137. stats.app_layer.error.ftp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.138. stats.app_layer.error.failed_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.139. stats.app_layer.error.failed_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.140. stats.app_layer.error.enip_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.141. stats.app_layer.error.enip_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.142. stats.app_layer.error.enip_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.143. stats.app_layer.error.enip_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.144. stats.app_layer.error.doh2 (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.145. stats.app_layer.error.doh2.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.146. stats.app_layer.error.dns_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.147. stats.app_layer.error.dns_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.148. stats.app_layer.error.dns_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.149. stats.app_layer.error.dns_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.150. stats.app_layer.error.dnp3 (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.151. stats.app_layer.error.dnp3.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.152. stats.app_layer.error.dhcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.153. stats.app_layer.error.dhcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.154. stats.app_layer.error.dcerpc_udp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.155. stats.app_layer.error.dcerpc_udp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.156. stats.app_layer.error.dcerpc_tcp (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.157. stats.app_layer.error.dcerpc_tcp.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.158. stats.app_layer.error.bittorrent-dht (object)

Name	Type	Description
gap	integer	Number of errors processing gaps
alloc	integer	Number of errors allocating memory
parser	integer	Number of errors reported by parser
internal	integer	Number of internal parser errors
exception_policy	object

29.1.159. stats.app_layer.error.bittorrent-dht.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.160. stats.app_layer.error.exception_policy (object)

Name	Type	Description
drop_flow	integer
drop_packet	integer
pass_flow	integer
pass_packet	integer
bypass	integer
reject	integer

29.1.161. stats.capture (object)

Name	Type	Description
kernel_packets	integer
kernel_drops	integer
kernel_ifdrops	integer

29.1.162. ssh (object)

Name	Type	Description
client	object
server	object

29.1.163. ssh.server (object)

Name	Type	Description
proto_version	string
software_version	string
hassh	object

29.1.164. ssh.server.hassh (object)

Name	Type	Description
hash	string
string	string

29.1.165. ssh.client (object)

Name	Type	Description
proto_version	string
software_version	string
hassh	object

29.1.166. ssh.client.hassh (object)

Name	Type	Description
hash	string
string	string

29.1.167. snmp (object)

Name	Type	Description
community	string
pdu_type	string
usm	string
version	integer
vars	array of strings

29.1.168. smtp (object)

Name	Type	Description
helo	string
mail_from	string
rcpt_to	array of strings

29.1.169. smb (object)

Name	Type	Description
access	string
accessed	integer
changed	integer
client_guid	string
command	string
created	integer
dialect	string
directory	string
disposition	string
filename	string
fuid	string
function	string
id	integer
level_of_interest	string
max_read_size	integer
max_write_size	integer
modified	integer
named_pipe	string
rename	object
request_done	boolean
response_done	boolean
server_guid	string
session_id	integer
set_info	object
share	string
share_type	string
size	integer
subcmd	string
status	string
status_code	string
tree_id	integer
client_dialects	array of strings
dcerpc	object
kerberos	object
ntlmssp	object
request	object
response	object
service	object

29.1.170. smb.service (object)

Name	Type	Description
request	string
response	string

29.1.171. smb.response (object)

Name	Type	Description
native_lm	string
native_os	string

29.1.172. smb.request (object)

Name	Type	Description
native_lm	string
native_os	string

29.1.173. smb.ntlmssp (object)

Name	Type	Description
domain	string
host	string
user	string
version	string
warning	boolean

29.1.174. smb.kerberos (object)

Name	Type	Description
realm	string
snames	array of strings

29.1.175. smb.dcerpc (object)

Name	Type	Description
call_id	integer
opnum	integer
request	string
response	string
interfaces	array of objects
req	object
res	object

29.1.176. smb.dcerpc.res (object)

Name	Type	Description
frag_cnt	integer
stub_data_size	integer

29.1.177. smb.dcerpc.req (object)

Name	Type	Description
frag_cnt	integer
stub_data_size	integer

29.1.178. smb.dcerpc.interfaces (array of objects)

Name	Type	Description
ack_reason	integer
ack_result	integer
uuid	string
version	string

29.1.179. smb.set_info (object)

Name	Type	Description
class	string
info_level	string

29.1.180. smb.rename (object)

Name	Type	Description
from	string
to	string

29.1.181. sip (object)

Name	Type	Description
code	string
method	string
reason	string
request_line	string
response_line	string
uri	string
version	string
sdp	object	SDP message body

29.1.182. sip.sdp (object)

Name	Type	Description
version	integer	SDP protocol version
origin	string	Owner of the session
session_name	string	Session name
session_info	string	Textual information about the session
uri	string	A pointer to additional information about the session
email	string	Email address for the person responsible for the conference
phone_number	string	Phone number for the person responsible for the conference
connection_data	string	Connection data
bandwidths	array of strings	Proposed bandwidths to be used by the session or media
time	string	Start and stop times for a session
repeat_time	string	Specify repeat times for a session
timezone	string	Timezone to specify adjustments for times and offsets from the base time
encryption_key	string	Field used to convey encryption keys if SDP is used over a secure channel
attributes	array of strings	A list of attributes to extend SDP
media_descriptions	array of objects	A list of media descriptions for a session

29.1.183. sip.sdp.media_descriptions (array of objects)

Name	Type	Description
media	string	Media description
media_info	string	Media information primarily intended for labelling media streams
bandwidths	array of strings	A list of bandwidth proposed for a media
connection_data	string	Connection data per media description
attributes	array of strings	A list of attributes specified for a media description

29.1.184. rpc (object)

Name	Type	Description
auth_type	string
status	string
xid	integer
creds	object

29.1.185. rpc.creds (object)

Name	Type	Description
gid	integer
machine_name	string
uid	integer

29.1.186. rfb (object)

Name	Type	Description
screen_shared	boolean
authentication	object
client_protocol_version	object
framebuffer	object
server_protocol_version	object

29.1.187. rfb.server_protocol_version (object)

Name	Type	Description
major	string
minor	string

29.1.188. rfb.framebuffer (object)

Name	Type	Description
height	integer
name	string
width	integer
pixel_format	object

29.1.189. rfb.framebuffer.pixel_format (object)

Name	Type	Description
big_endian	boolean
bits_per_pixel	integer
blue_max	integer
blue_shift	integer
depth	integer
green_max	integer
green_shift	integer
red_max	integer
red_shift	integer
true_color	boolean

29.1.190. rfb.client_protocol_version (object)

Name	Type	Description
major	string
minor	string

29.1.191. rfb.authentication (object)

Name	Type	Description
security_result	string
security_type	integer
vnc	object

29.1.192. rfb.authentication.vnc (object)

Name	Type	Description
challenge	string
response	string

29.1.193. rdp (object)

Name	Type	Description
cookie	string
event_type	string
tx_id	integer
channels	array of strings
client	object

29.1.194. rdp.client (object)

Name	Type	Description
build	string
client_name	string
color_depth	integer
desktop_height	integer
desktop_width	integer
function_keys	integer
id	string
keyboard_layout	string
keyboard_type	string
product_id	integer
version	string
capabilities	array of strings

29.1.195. quic (object)

Name	Type	Description
cyu	array of objects	ja3-like fingerprint for versions of QUIC before standardization
extensions	array of objects	list of extensions in hello
ja3	object	ja3 from client, as in TLS
ja3s	object	ja3 from server, as in TLS
ja4	string
sni	string	Server Name Indication
ua	string	User Agent for versions of QUIC before standardization
version	string	Quic protocol version

29.1.196. quic.ja3s (object)

Name	Type	Description
hash	string	ja3s hex representation
string	string	ja3s string representation

29.1.197. quic.ja3 (object)

Name	Type	Description
hash	string	ja3 hex representation
string	string	ja3 string representation

29.1.198. quic.extensions (array of objects)

Name	Type	Description
name	string	human-friendly name of the extension
type	integer	integer identifier of the extension
values	array of strings	extension values

29.1.199. quic.cyu (array of objects)

Name	Type	Description
hash	string	cyu hash hex representation
string	string	cyu hash string representation

29.1.200. pgsql (object)

Name	Type	Description
request	object
response	object
tx_id	integer

29.1.201. pgsql.response (object)

Name	Type	Description
authentication_md5_password	string
authentication_sasl_final	string
code	string
command_completed	string
data_rows	integer
data_size	integer
field_count	integer
file	string
line	string
message	string
parameter_status	array of objects
process_id	integer
routine	string
secret_key	integer
severity_localizable	string
severity_non_localizable	string
ssl_accepted	boolean

29.1.202. pgsql.response.parameter_status (array of objects)

Name	Type	Description
application_name	string
client_encoding	string
date_style	string
integer_datetimes	string
interval_style	string
is_superuser	string
server_encoding	string
server_version	string
session_authorization	string
standard_conforming_strings	string
time_zone	string

29.1.203. pgsql.request (object)

Name	Type	Description
message	string
password	string
password_message	string
process_id	integer
protocol_version	string
sasl_authentication_mechanism	string
sasl_param	string
sasl_response	string
secret_key	integer
simple_query	string
startup_parameters	object

29.1.204. pgsql.request.startup_parameters (object)

Name	Type	Description
optional_parameters	array of objects
user	string

29.1.205. pgsql.request.startup_parameters.optional_parameters (array of objects)

Name	Type	Description
application_name	string
client_encoding	string
database	string
datestyle	string
extra_float_digits	string
options	string
replication	string

29.1.206. packet_info (object)

Name	Type	Description
linktype	integer

29.1.207. nfs (object)

Name	Type	Description
file_tx	boolean
filename	string
hhash	string
id	integer
procedure	string
status	string
type	string
version	integer
read	object
rename	object
write	object

29.1.208. nfs.write (object)

Name	Type	Description
chunks	integer
first	boolean
last	boolean
last_xid	integer

29.1.209. nfs.rename (object)

Name	Type	Description
from	string
to	string

29.1.210. nfs.read (object)

Name	Type	Description
chunks	integer
first	boolean
last	boolean
last_xid	integer

29.1.211. netflow (object)

Name	Type	Description
age	integer
bytes	integer
end	string
max_ttl	integer
min_ttl	integer
pkts	integer
start	string

29.1.212. mqtt (object)

Name	Type	Description
connack	object
connect	object
disconnect	object
pingreq	object
pingresp	object
puback	object
pubcomp	object
publish	object
pubrec	object
pubrel	object
suback	object
subscribe	object
unsuback	object
unsubscribe	object

29.1.213. mqtt.unsubscribe (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
retain	boolean
topics	array of strings

29.1.214. mqtt.unsuback (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
retain	boolean
reason_codes	array of integers

29.1.217. mqtt.suback (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
retain	boolean
qos_granted	array of integers

29.1.218. mqtt.pubrel (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
reason_code	integer
retain	boolean

29.1.219. mqtt.pubrec (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
reason_code	integer
retain	boolean

29.1.220. mqtt.publish (object)

Name	Type	Description
dup	boolean
message	string
message_id	integer
qos	integer
retain	boolean
skipped_length	integer
topic	string
truncated	boolean
properties	object

29.1.221. mqtt.pubcomp (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
reason_code	integer
retain	boolean

29.1.222. mqtt.puback (object)

Name	Type	Description
dup	boolean
message_id	integer
qos	integer
reason_code	integer
retain	boolean

29.1.223. mqtt.pingresp (object)

Name	Type	Description
dup	boolean
qos	integer
retain	boolean

29.1.224. mqtt.pingreq (object)

Name	Type	Description
dup	boolean
qos	integer
retain	boolean

29.1.225. mqtt.disconnect (object)

Name	Type	Description
dup	boolean
qos	integer
reason_code	integer
retain	boolean
properties	object

29.1.226. mqtt.connect (object)

Name	Type	Description
client_id	string
dup	boolean
password	string
protocol_string	string
protocol_version	integer
qos	integer
retain	boolean
username	string
flags	object
properties	object
will	object

29.1.227. mqtt.connect.will (object)

Name	Type	Description
message	string
topic	string
properties	object

29.1.228. mqtt.connect.flags (object)

Name	Type	Description
clean_session	boolean
password	boolean
username	boolean
will	boolean
will_retain	boolean

29.1.229. mqtt.connack (object)

Name	Type	Description
dup	boolean
qos	integer
retain	boolean
return_code	integer
session_present	boolean
properties	object

29.1.230. modbus (object)

Name	Type	Description
id	integer
request	object
response	object

29.1.231. modbus.response (object)

Name	Type	Description
access_type	string
category	string
data	string
error_flags	string
function_code	string
function_raw	integer
protocol_id	integer
transaction_id	integer
unit_id	integer
diagnostic	object
exception	object
read	object
write	object

29.1.232. modbus.response.write (object)

Name	Type	Description
address	integer
data	integer

29.1.233. modbus.response.read (object)

Name	Type	Description
data	string

29.1.234. modbus.response.exception (object)

Name	Type	Description
code	string
raw	integer

29.1.235. modbus.response.diagnostic (object)

Name	Type	Description
code	string
data	string
raw	integer

29.1.236. modbus.request (object)

Name	Type	Description
access_type	string
category	string
data	string
error_flags	string
function_code	string
function_raw	integer
protocol_id	integer
transaction_id	integer
unit_id	integer
diagnostic	object
mei	object
read	object
write	object

29.1.237. modbus.request.write (object)

Name	Type	Description
address	integer
data	integer

29.1.238. modbus.request.read (object)

Name	Type	Description
address	integer
quantity	integer

29.1.239. modbus.request.mei (object)

Name	Type	Description
code	string
data	string
raw	integer

29.1.240. modbus.request.diagnostic (object)

Name	Type	Description
code	string
data	string
raw	integer

29.1.241. metadata (object)

Name	Type	Description
flowbits	array of strings
flowvars	array of objects
pktvars	array of objects
flowints	object

29.1.242. metadata.pktvars (array of objects)

Name	Type	Description
uid	string
username	string

29.1.243. metadata.flowvars (array of objects)

Name	Type	Description
gid	string
key	string
value	string

29.1.244. ldap (object)

Name	Type	Description
request	object
responses	array of objects

29.1.245. ldap.responses (array of objects)

Name	Type	Description
search_result_done	object
bind_response	object
modify_response	object
add_response	object
del_response	object
mod_dn_response	object
compare_response	object
extended_response	object
intermediate_response	object

29.1.246. ldap.responses.intermediate_response (object)

Name	Type	Description
name	string
value	string

29.1.247. ldap.responses.extended_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string
name	string
value	string

29.1.248. ldap.responses.compare_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.249. ldap.responses.mod_dn_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.250. ldap.responses.del_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.251. ldap.responses.add_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.252. ldap.responses.modify_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.253. ldap.responses.bind_response (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string
server_sasl_creds	string

29.1.254. ldap.responses.search_result_done (object)

Name	Type	Description
result_code	string
matched_dn	string
message	string

29.1.255. ldap.request (object)

Name	Type	Description
operation	string
message_id	integer
search_request	object
bind_request	object
modify_request	object
add_request	object
del_request	object
mod_dn_request	object
compare_request	object
abandon_request	object
extended_request	object

29.1.256. ldap.request.extended_request (object)

Name	Type	Description
name	string
value	string

29.1.257. ldap.request.abandon_request (object)

Name	Type	Description
message_id	integer

29.1.258. ldap.request.compare_request (object)

Name	Type	Description
entry	string
attribute_value_assertion	object

29.1.259. ldap.request.compare_request.attribute_value_assertion (object)

Name	Type	Description
description	string
value	string

29.1.260. ldap.request.mod_dn_request (object)

Name	Type	Description
entry	string
new_rdn	string
delete_old_rdn	boolean
new_superior	string

29.1.261. ldap.request.del_request (object)

Name	Type	Description
dn	string

29.1.262. ldap.request.add_request (object)

Name	Type	Description
entry	string
attributes	array of objects

29.1.263. ldap.request.add_request.attributes (array of objects)

Name	Type	Description
name	string
values	array of strings

29.1.264. ldap.request.modify_request (object)

Name	Type	Description
object	string
changes	array of objects

29.1.265. ldap.request.modify_request.changes (array of objects)

Name	Type	Description
operation	string
modification	object

29.1.266. ldap.request.modify_request.changes.modification (object)

Name	Type	Description
attribute_type	string
attribute_values	array of strings

29.1.267. ldap.request.bind_request (object)

Name	Type	Description
version	integer
name	string
sasl	object

29.1.268. ldap.request.bind_request.sasl (object)

Name	Type	Description
mechanism	string
credentials	string

29.1.269. ldap.request.search_request (object)

Name	Type	Description
base_object	string
scope	integer
deref_alias	integer
size_limit	integer
time_limit	integer
types_online	boolean
attributes	array of strings

29.1.270. krb5 (object)

Name	Type	Description
cname	string
encryption	string
error_code	string
failed_request	string
msg_type	string
realm	string
sname	string
ticket_encryption	string
ticket_weak_encryption	boolean
weak_encryption	boolean

29.1.271. ike (object)

Name	Type	Description
alg_auth	string
alg_auth_raw	integer
alg_dh	string
alg_dh_raw	integer
alg_enc	string
alg_enc_raw	integer
alg_hash	string
alg_hash_raw	integer
exchange_type	integer
exchange_type_verbose	string
init_spi	string
message_id	integer
resp_spi	string
role	string
sa_key_length	string
sa_key_length_raw	integer
sa_life_duration	string
sa_life_duration_raw	integer
sa_life_type	string
sa_life_type_raw	integer
version_major	integer
version_minor	integer
payload	array of strings
ikev1	object
ikev2	object

29.1.272. ike.ikev2 (object)

Name	Type	Description
errors	integer
notify	array of unknowns

29.1.273. ike.ikev1 (object)

Name	Type	Description
doi	integer
encrypted_payloads	boolean
vendor_ids	array of strings
client	object
server	object

29.1.274. ike.ikev1.server (object)

Name	Type	Description
key_exchange_payload	string
key_exchange_payload_length	integer
nonce_payload	string
nonce_payload_length	integer

29.1.275. ike.ikev1.client (object)

Name	Type	Description
key_exchange_payload	string
key_exchange_payload_length	integer
nonce_payload	string
nonce_payload_length	integer
proposals	array of objects

29.1.276. ike.ikev1.client.proposals (array of objects)

Name	Type	Description
alg_auth	string
alg_auth_raw	integer
alg_dh	string
alg_dh_raw	integer
alg_enc	string
alg_enc_raw	integer
alg_hash	string
alg_hash_raw	integer
sa_key_length	string
sa_key_length_raw	integer
sa_life_duration	string
sa_life_duration_raw	integer
sa_life_type	string
sa_life_type_raw	integer

29.1.277. http (object)

Name	Type	Description
hostname	string
http_content_type	string
http_method	string
http_port	integer
http_refer	string
http_response_body	string
http_response_body_printable	string
http_user_agent	string
length	integer
org_src_ip	string
protocol	string
redirect	string
status	integer
status_string	string	status string when it is not a valid integer (like 2XX)
true_client_ip	string
url	string
version	string
x_bluecoat_via	string
xff	string
request_headers	array of objects
response_headers	array of objects
content_range	object
http2	object

29.1.278. http.http2 (object)

Name	Type	Description
stream_id	integer
request	object
response	object

29.1.279. http.http2.response (object)

Name	Type	Description
error_code	string
has_multiple	string
settings	array of objects

29.1.280. http.http2.response.settings (array of objects)

Name	Type	Description
settings_id	string
settings_value	integer

29.1.281. http.http2.request (object)

Name	Type	Description
error_code	string
priority	integer
has_multiple	string
settings	array of objects

29.1.282. http.http2.request.settings (array of objects)

Name	Type	Description
settings_id	string
settings_value	integer

29.1.283. http.content_range (object)

Name	Type	Description
end	integer
raw	string
size	integer
start	integer

29.1.284. http.response_headers (array of objects)

Name	Type	Description
name	string
table_size_update	integer
value	string

29.1.285. http.request_headers (array of objects)

Name	Type	Description
name	string
table_size_update	integer
value	string

29.1.286. ftp_data (object)

Name	Type	Description
command	string
filename	string

29.1.287. ftp (object)

Name	Type	Description
command	string
command_data	string
command_truncated	boolean
dynamic_port	integer
mode	string
reply_received	string
reply_truncated	boolean
completion_code	array of strings
reply	array of strings

29.1.288. frame (object)

Name	Type	Description
type	string
id	integer
direction	string
stream_offset	integer
length	integer
complete	boolean
payload	string
payload_printable	string
tx_id	integer

29.1.289. flow (object)

Name	Type	Description
action	string
age	integer
alerted	boolean
bypass	string
bypassed	object
bytes_toclient	integer
bytes_toserver	integer
dest_ip	string
dest_port	integer
emergency	boolean
end	string
exception_policy	array of unknowns	The exception policy(ies) triggered by the flow. Not logged if none was triggered
pkts_toclient	integer
pkts_toserver	integer
reason	string
src_ip	string
src_port	integer
start	string
state	string
wrong_thread	boolean

29.1.290. flow.bypassed (object)

Name	Type	Description
pkts_toserver	integer
pkts_toclient	integer
bytes_toserver	integer
bytes_toclient	integer

29.1.291. fileinfo (object)

Name	Type	Description
end	integer
file_id	integer
filename	string
gaps	boolean
magic	string
md5	string
sha1	string
sha256	string
size	integer
start	integer
state	string
stored	boolean
storing	boolean	the file is set to be stored when completed
tx_id	integer
sid	array of integers

29.1.292. ether (object)

Name	Type	Description
dest_mac	string
src_mac	string
ether_type	integer	Ethernet type value
dest_macs	array of strings
src_macs	array of strings

29.1.293. enip (object)

Name	Type	Description
request	object
response	object

29.1.294. enip.response (object)

Name	Type	Description
command	string
status	string
register_session	object
list_services	object
identity	object
cip	object

29.1.295. enip.response.cip (object)

Name	Type	Description
service	string
status	string
status_extended	string
status_extended_meaning	string
multiple	array of objects

29.1.296. enip.response.cip.multiple (array of objects)

Name	Type	Description
service	string
status	string
status_extended	string
status_extended_meaning	string

29.1.297. enip.response.identity (object)

Name	Type	Description
protocol_version	integer
revision	string
vendor_id	string
device_type	string
product_code	integer
status	integer
serial	integer
product_name	string
state	integer

29.1.298. enip.response.list_services (object)

Name	Type	Description
protocol_version	integer
capabilities	integer
service_name	string

29.1.299. enip.response.register_session (object)

Name	Type	Description
protocol_version	integer
options	integer

29.1.300. enip.request (object)

Name	Type	Description
command	string
status	string
register_session	object
cip	object

29.1.301. enip.request.cip (object)

Name	Type	Description
service	string
path	array of objects
class_name	string
multiple	array of objects

29.1.302. enip.request.cip.multiple (array of objects)

Name	Type	Description
service	string
path	array of objects
class_name	string

29.1.303. enip.request.cip.multiple.path (array of objects)

Name	Type	Description
segment_type	string
value	integer

29.1.304. enip.request.cip.path (array of objects)

Name	Type	Description
segment_type	string
value	integer

29.1.305. enip.request.register_session (object)

Name	Type	Description
protocol_version	integer
options	integer

29.1.306. engine (object)

Name	Type	Description
error	string
error_code	integer
message	string
thread_name	string
module	string

29.1.307. email (object)

Name	Type	Description
body_md5	string
cc	array of strings
date	string
from	string
has_exe_url	boolean
has_ipv4_url	boolean
has_ipv6_url	boolean
received	array of strings
status	string
subject	string
subject_md5	string
to	array of strings
url	array of strings
x_mailer	string
attachment	array of strings
message_id	string

29.1.308. drop (object)

Name	Type	Description
ack	boolean
fin	boolean
flowlbl	integer
hoplimit	integer
tc	integer
icmp_id	integer
icmp_seq	integer
ipid	integer
len	integer
psh	boolean
rst	boolean
syn	boolean
tcpack	integer
tcpres	integer
tcpseq	integer
tcpurgp	integer
tcpwin	integer
tos	integer
ttl	integer
udplen	integer
urg	boolean
reason	string
verdict	object

29.1.309. drop.verdict (object)

Name	Type	Description
action	string
reject	array of strings
reject-target	string

29.1.310. dns (object)

Name	Type	Description
aa	boolean
flags	string
id	integer
qr	boolean
ra	boolean
rcode	string
rd	boolean
rrname	string
rrtype	string
tx_id	integer
type	string
version	integer	The version of this EVE DNS event
opcode	integer	DNS opcode as an integer
tc	boolean	DNS truncation flag
answers	array of objects
authorities	array of objects
additionals	array of objects
query	array of objects
queries	array of objects
answer	object
grouped	object
z	boolean

29.1.311. dns.grouped (object)

Name	Type	Description
A	array of strings
AAAA	array of strings
CNAME	array of strings
MX	array of strings
NS	array of strings
NULL	array of strings
PTR	array of strings
SOA	array of unknowns
SRV	array of objects
TXT	array of strings
SSHFP	array of objects	A Secure Shell fingerprint is used to verify the system’s authenticity

29.1.312. dns.grouped.SSHFP (array of objects)

Name	Type	Description
fingerprint	string
algo	integer
type	integer

29.1.313. dns.grouped.SRV (array of objects)

Name	Type	Description
name	string
port	integer
priority	integer
weight	integer

29.1.314. dns.answer (object)

Name	Type	Description
flags	string
id	integer
qr	boolean
ra	boolean
rcode	string
rd	boolean
rrname	string
rrtype	string
type	string
version	integer
opcode	integer	DNS opcode as an integer
authorities	array of objects
additionals	array of objects

29.1.315. dns.answer.additionals (array of objects)

Name	Type	Description
rdata	string
rrname	string
rrtype	string
ttl	integer
opt	array of objects

29.1.316. dns.answer.additionals.opt (array of objects)

Name	Type	Description
code	integer
data	string

29.1.317. dns.answer.authorities (array of objects)

Name	Type	Description
rdata	string
rrname	string
rrtype	string
ttl	integer
soa	object
rdata_truncated	boolean	Set to true if the rdata was too long and truncated by Suricata
rrname_truncated	boolean	Set to true if the rrname was too long and truncated by Suricata

29.1.318. dns.answer.authorities.soa (object)

Name	Type	Description
expire	integer
minimum	integer
mname	string
refresh	integer
retry	integer
rname	string
serial	integer
mname_truncated	boolean	Set to true if the mname was too long and truncated by Suricata

29.1.319. dns.queries (array of objects)

Name	Type	Description
id	integer
rrname	string
rrtype	string
tx_id	integer
type	string
z	boolean
opcode	integer	DNS opcode as an integer
rrname_truncated	boolean	Set to true if the rrname was too long and truncated by Suricata

29.1.320. dns.query (array of objects)

Name	Type	Description
id	integer
rrname	string
rrtype	string
tx_id	integer
type	string
z	boolean
opcode	integer	DNS opcode as an integer

29.1.321. dns.additionals (array of objects)

Name	Type	Description
rdata	string
rrname	string
rrtype	string
ttl	integer
opt	array of objects

29.1.322. dns.additionals.opt (array of objects)

Name	Type	Description
code	integer
data	string

29.1.323. dns.authorities (array of objects)

Name	Type	Description
rdata	string
rrname	string
rrtype	string
ttl	integer
soa	object
rdata_truncated	boolean	Set to true if the rdata was too long and truncated by Suricata
rrname_truncated	boolean	Set to true if the rrname was too long and truncated by Suricata

29.1.324. dns.authorities.soa (object)

Name	Type	Description
expire	integer
minimum	integer
mname	string
refresh	integer
retry	integer
rname	string
serial	integer
mname_truncated	boolean	Set to true if the mname was too long and truncated by Suricata

29.1.325. dns.answers (array of objects)

Name	Type	Description
rdata	string
rrname	string
rrtype	string
ttl	integer
soa	object
srv	object
sshfp	object	A Secure Shell fingerprint, used to verify the system’s authenticity

29.1.326. dns.answers.sshfp (object)

Name	Type	Description
fingerprint	string
algo	integer
type	integer

29.1.327. dns.answers.srv (object)

Name	Type	Description
name	string
port	integer
priority	integer
weight	integer

29.1.328. dns.answers.soa (object)

Name	Type	Description
expire	integer
minimum	integer
mname	string
refresh	integer
retry	integer
rname	string
serial	integer
mname_truncated	boolean	Set to true if the mname was too long and truncated by Suricata

29.1.329. dnp3 (object)

Name	Type	Description
dst	integer
src	integer
type	string
application	object
control	object
iin	object
request	object
response	object

29.1.330. dnp3.response (object)

Name	Type	Description
dst	integer
src	integer
type	string
application	object
control	object
iin	object

29.1.331. dnp3.response.iin (object)

Name	Type	Description
indicators	array of strings

29.1.332. dnp3.response.control (object)

Name	Type	Description
dir	boolean
fcb	boolean
fcv	boolean
function_code	integer
pri	boolean

29.1.333. dnp3.response.application (object)

Name	Type	Description
complete	boolean
function_code	integer
objects	array of objects
control	object

29.1.334. dnp3.response.application.control (object)

Name	Type	Description
con	boolean
fin	boolean
fir	boolean
sequence	integer
uns	boolean

29.1.335. dnp3.response.application.objects (array of objects)

Name	Type	Description
count	integer
group	integer
prefix_code	integer
qualifier	integer
range_code	integer
start	integer
stop	integer
variation	integer
points	array of objects

29.1.336. dnp3.request (object)

Name	Type	Description
dst	integer
src	integer
type	string
application	object
control	object

29.1.337. dnp3.request.control (object)

Name	Type	Description
dir	boolean
fcb	boolean
fcv	boolean
function_code	integer
pri	boolean

29.1.338. dnp3.request.application (object)

Name	Type	Description
complete	boolean
function_code	integer
objects	array of objects
control	object

29.1.339. dnp3.request.application.control (object)

Name	Type	Description
con	boolean
fin	boolean
fir	boolean
sequence	integer
uns	boolean

29.1.340. dnp3.request.application.objects (array of objects)

Name	Type	Description
count	integer
group	integer
prefix_code	integer
qualifier	integer
range_code	integer
start	integer
stop	integer
variation	integer
points	array of objects

29.1.341. dnp3.iin (object)

Name	Type	Description
indicators	array of strings

29.1.342. dnp3.control (object)

Name	Type	Description
dir	boolean
fcb	boolean
fcv	boolean
function_code	integer
pri	boolean

29.1.343. dnp3.application (object)

Name	Type	Description
complete	boolean
function_code	integer
objects	array of objects
control	object

29.1.344. dnp3.application.control (object)

Name	Type	Description
con	boolean
fin	boolean
fir	boolean
sequence	integer
uns	boolean

29.1.345. dnp3.application.objects (array of objects)

Name	Type	Description
count	integer
group	integer
prefix_code	integer
qualifier	integer
range_code	integer
start	integer
stop	integer
variation	integer
points	array of objects

29.1.346. dhcp (object)

Name	Type	Description
assigned_ip	string
client_id	string
client_ip	string
client_mac	string
dhcp_type	string
hostname	string
id	integer
lease_time	integer
next_server_ip	string
rebinding_time	integer
relay_ip	string
renewal_time	integer
requested_ip	string
subnet_mask	string
type	string
vendor_class_identifier	string
dns_servers	array of strings
params	array of strings
routers	array of strings

29.1.347. dcerpc (object)

Name	Type	Description
activityuuid	string
call_id	integer
request	string
response	string
rpc_version	string
seqnum	integer
interfaces	array of objects
req	object
res	object

29.1.348. dcerpc.res (object)

Name	Type	Description
frag_cnt	integer
stub_data_size	integer

29.1.349. dcerpc.req (object)

Name	Type	Description
frag_cnt	integer
opnum	integer
stub_data_size	integer

29.1.350. dcerpc.interfaces (array of objects)

Name	Type	Description
ack_result	integer
uuid	string
version	string

29.1.351. bittorrent_dht (object)

Name	Type	Description
transaction_id	string
client_version	string
request_type	string
request	object
response	object
error	object

29.1.352. bittorrent_dht.error (object)

Name	Type	Description
num	integer
msg	string

29.1.353. bittorrent_dht.response (object)

Name	Type	Description
id	string
nodes	array of objects
nodes6	array of objects
token	string
values	array of objects

29.1.354. bittorrent_dht.response.nodes6 (array of objects)

Name	Type	Description
id	string
ip	string
port	number

29.1.355. bittorrent_dht.request (object)

Name	Type	Description
id	string
target	string
implied_port	integer
info_hash	string
port	integer
token	string

29.1.356. arp (object)

Name	Type	Description
hw_type	string	Network link protocol type
proto_type	string	Internetwork protocol for which the ARP request is intended
opcode	string	Specifies the operation that the sender is performing
src_mac	string	Physical address of the sender
src_ip	string	Logical address of the sender
dest_mac	string	Physical address of the intended receiver
dest_ip	string	Logical address of the intended receiver

29.1.357. anomaly (object)

Name	Type	Description
app_proto	string
event	string
layer	string
type	string
code	integer

29.1.358. alert (object)

Name	Type	Description
action	string
category	string
gid	integer
rev	integer
rule	string
severity	integer
signature	string
signature_id	integer
xff	string
metadata	object
references	array of strings
source	object
target	object

29.1.359. alert.target (object)

Name	Type	Description
ip	string
port	integer

29.1.360. alert.source (object)

Name	Type	Description
ip	string
port	integer

29.1.361. alert.metadata (object)

Name	Type	Description
affected_product	array of strings
attack_target	array of strings
created_at	array of strings
deployment	array of strings
former_category	array of strings
malware_family	array of strings
policy	array of strings
signature_severity	array of strings
tag	array of strings
updated_at	array of strings

29.1.362. files (array of objects)

Name	Type	Description
end	integer
filename	string
file_id	integer
gaps	boolean
magic	string
md5	string
sha1	string
sha256	string
size	integer
start	integer
state	string
stored	boolean
storing	boolean	the file is set to be stored when completed
tx_id	integer
sid	array of integers

29.1.363. verdict (object)

Name	Type	Description
action	string
reject	array of strings
reject-target	string