Top Level (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ================ ======================================================================================================================================================
   Name               Type             Description
   ================== ================ ======================================================================================================================================================
   alert              object
   anomaly            object
   app_proto          string           Application layer protocol of the flow
   app_proto_expected string           In case of a protocol change to a specific protocol, and this specific protocol was not recognised, this field holds the expected protocol
   app_proto_orig     string           Application layer protocol the flow had before a protocol change
   app_proto_tc       string           Application layer protocol detected in the to-client direction, when it differs from the to-server direction
   app_proto_ts       string           Application layer protocol detected in the to-server direction, when it differs from the to-client direction
   arp                object
   bittorrent_dht     object
   capture_file       string
   community_id       string
   dcerpc             object
   dest_ip            string
   dest_port          integer
   dhcp               object
   direction          string
   dnp3               object
   dns                object
   drop               object
   email              object
   engine             object
   enip               object
   ether              object
   event_type         string
   fileinfo           object
   files              array of objects
   flow               object
   flow_id            integer
   frame              object
   ftp                object
   ftp_data           object
   host               string           The sensor name, if configured
   http               object
   icmp_code          integer
   icmp_type          integer
   ike                object
   in_iface           string
   ip_v               integer          IP version of the packet or flow
   krb5               object
   ldap               object
   log_level          string
   mdns               object           mDNS requests and responses
   metadata           object
   modbus             object
   mqtt               object
   ndpi               object           nDPI plugin; contents provided by the 3rd party library
   netflow            object
   nfs                object
   packet             string
   packet_info        object
   parent_id          integer
   payload            string
   payload_length     integer
   payload_printable  string
   pcap_cnt           integer
   pcap_filename      string
   pgsql              object
   pkt_src            string
   pop3               object
   proto              string
   quic               object
   rdp                object
   response_icmp_code integer
   response_icmp_type integer
   rfb                object
   rpc                object
   sip                object
   smb                object
   smtp               object
   snmp               object
   spi                integer
   src_ip             string
   src_port           integer
   ssh                object
   stats              object
   stream             integer
   stream_tcp         object
   suricata_version   string
   tc_progress        string
   tcp                object
   template           object
   tftp               object
   timestamp          string
   tls                object
   traffic            object
   ts_progress        string
   tunnel             object
   tx_guessed         boolean          The signature that triggered this alert did not tie to a transaction, so the transaction (and its metadata) logged is a forced estimate and may not be the one you expect
   tx_id              integer
   verdict            object
   vlan               array of numbers
   websocket          object
   ================== ================ ======================================================================================================================================================

websocket (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= ===========
   Name              Type    Description
   ================= ======= ===========
   fin               boolean
   mask              integer
   opcode            string
   payload_base64    string
   payload_printable string
   ================= ======= ===========

verdict (object)
^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ================ ===========
   Name          Type             Description
   ============= ================ ===========
   action        string
   reject        array of strings
   reject-target string
   ============= ================ ===========

tunnel (object)
^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===========
   Name      Type    Description
   ========= ======= ===========
   depth     integer
   dest_ip   string
   dest_port integer
   pcap_cnt  integer
   pkt_src   string
   proto     string
   src_ip    string
   src_port  integer
   ========= ======= ===========

traffic (object)
^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ================ ===========
   Name  Type             Description
   ===== ================ ===========
   id    array of strings
   label array of strings
   ===== ================ ===========

tls (object)
^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ================ ==================================
   Name             Type             Description
   ================ ================ ==================================
   certificate      string
   chain            array of strings
   client           object
   client_alpns     array of strings TLS client ALPN field(s)
   client_handshake object
   fingerprint      string
   from_proto       string
   issuerdn         string
   ja3              object
   ja3s             object
   ja4              string
   notafter         string
   notbefore        string
   serial           string
   server_alpns     array of strings TLS server ALPN field(s)
   server_handshake object
   session_resumed  boolean
   sni              string
   subject          string
   subjectaltname   array of strings TLS Subject Alternative Name field
   version          string
   ================ ================ ==================================

tls.server_handshake (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ================= ===========================
   Name    Type              Description
   ======= ================= ===========================
   cipher  integer           TLS server's chosen cipher
   exts    array of integers TLS server extension(s)
   version string            TLS version in server hello
   ======= ================= ===========================

tls.ja3s (object)
^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ====== ===========
   Name   Type   Description
   ====== ====== ===========
   hash   string
   string string
   ====== ====== ===========

tls.ja3 (object)
^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ====== ===========
   Name   Type   Description
   ====== ====== ===========
   hash   string
   string string
   ====== ====== ===========

tls.client_handshake (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ================= =================================
   Name     Type              Description
   ======== ================= =================================
   ciphers  array of integers TLS client cipher(s)
   exts     array of integers TLS client extension(s)
   sig_algs array of integers TLS client signature algorithm(s)
   version  string            TLS version in client hello
   ======== ================= =================================

tls.client (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ================ ==================================
   Name           Type             Description
   ============== ================ ==================================
   certificate    string
   chain          array of strings
   fingerprint    string
   issuerdn       string
   notafter       string
   notbefore      string
   serial         string
   subject        string
   subjectaltname array of strings TLS Subject Alternative Name field
   ============== ================ ==================================

tftp (object)
^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ====== ===========
   Name   Type   Description
   ====== ====== ===========
   file   string
   mode   string
   packet string
   ====== ====== ===========

template (object)
^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ====== ===========
   Name     Type   Description
   ======== ====== ===========
   request  string
   response string
   ======== ====== ===========
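The top-level ``app_proto*`` and ``tx_guessed`` fields and the ``tls`` object documented above are what a consumer of ``eve.json`` keys on when triaging. The Python below is an added example, not code from Suricata or from this documentation. It reads constructed EVE records (not captured from a real sensor), flags alerts whose ``tx_guessed`` is true (their transaction metadata is an estimate), flags flows where ``app_proto_ts`` and ``app_proto_tc`` were logged (they only appear when the two directions disagree) or where ``app_proto_expected`` is present, and checks ``tls.sni`` against the certificate's CN and ``subjectaltname`` entries and ``tls.notafter`` against the event ``timestamp``. The wildcard rule (``*.`` covers exactly one label) and the tolerance of an optional ``DNS:`` prefix on SAN entries are the example's own assumptions; the timestamp formats assumed here match Suricata's usual output.

```python
"""Per-record triage of Suricata EVE JSON.

Added example, not part of Suricata. Uses the top-level ``app_proto*`` and
``tx_guessed`` fields and the ``tls`` object as documented in the tables above.
"""
import json
from datetime import datetime, timezone

# Constructed EVE records (not captured from a real sensor), one JSON object per line.
SAMPLE_EVE = r'''
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert","flow_id":1,"src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.7","dest_port":443,"proto":"TCP","app_proto":"tls","tx_id":0,"tx_guessed":true,"alert":{"action":"allowed","signature_id":1000001,"signature":"constructed test signature"}}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"flow","flow_id":2,"src_ip":"10.0.0.6","src_port":51001,"dest_ip":"203.0.113.8","dest_port":80,"proto":"TCP","app_proto":"http","app_proto_ts":"http","app_proto_tc":"tls"}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"tls","flow_id":3,"src_ip":"10.0.0.7","src_port":51002,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","tls":{"sni":"login.example.com","subject":"CN=other.example.net","issuerdn":"CN=Constructed CA","serial":"01","notbefore":"2023-01-01T00:00:00","notafter":"2024-01-01T00:00:00","subjectaltname":["other.example.net","*.example.net"],"version":"TLS 1.2"}}
'''

EVE_TS = "%Y-%m-%dT%H:%M:%S.%f%z"   # e.g. 2024-05-01T10:00:00.000000+0000
CERT_TS = "%Y-%m-%dT%H:%M:%S"        # tls.notbefore / tls.notafter, no zone (UTC assumed)


def parse_eve(text):
    """Parse newline-delimited EVE JSON, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def cert_names(tls):
    """CN from ``tls.subject`` plus every ``subjectaltname`` entry."""
    names = list(tls.get("subjectaltname", []))
    for part in tls.get("subject", "").split(","):
        part = part.strip()
        if part.upper().startswith("CN="):
            names.append(part[3:].strip())
    return names


def hostname_matches(sni, names):
    """True if sni matches one of names. A leading '*.' covers exactly one
    label and a 'DNS:' prefix is tolerated (both assumptions of this example)."""
    sni = sni.lower().rstrip(".")
    for name in names:
        name = name.lower()
        if name.startswith("dns:"):
            name = name[4:]
        if name.startswith("*."):
            if sni.count(".") == name.count(".") and sni.endswith(name[1:]):
                return True
        elif name == sni:
            return True
    return False


def triage(record):
    """Return (flow_id, tag) findings for one EVE record."""
    findings = []
    fid = record.get("flow_id")
    # Alert whose transaction was only estimated: do not trust tx_id or app-layer metadata.
    if record.get("event_type") == "alert" and record.get("tx_guessed"):
        findings.append((fid, "tx_guessed"))
    # app_proto_ts / app_proto_tc are only logged when the two directions disagree.
    ts, tc = record.get("app_proto_ts"), record.get("app_proto_tc")
    if ts is not None or tc is not None:
        findings.append((fid, f"app_proto_mismatch:{ts}/{tc}"))
    # app_proto_expected is only logged when a protocol change was not recognised.
    if "app_proto_expected" in record:
        findings.append((fid, f"app_proto_change_failed:{record['app_proto_expected']}"))
    tls = record.get("tls")
    if tls:
        sni = tls.get("sni")
        if sni and not hostname_matches(sni, cert_names(tls)):
            findings.append((fid, "tls_sni_cert_mismatch"))
        if tls.get("notafter"):
            expiry = datetime.strptime(tls["notafter"], CERT_TS).replace(tzinfo=timezone.utc)
            if datetime.strptime(record["timestamp"], EVE_TS) > expiry:
                findings.append((fid, "tls_cert_expired"))
    return findings


def triage_all(text):
    """Triage every record in an EVE JSONL string."""
    return [finding for rec in parse_eve(text) for finding in triage(rec)]


if __name__ == "__main__":
    for flow_id, tag in triage_all(SAMPLE_EVE):
        print(flow_id, tag)
```

Run against the three constructed records, flow 1 is tagged ``tx_guessed``, flow 2 ``app_proto_mismatch:http/tls``, and flow 3 both ``tls_sni_cert_mismatch`` and ``tls_cert_expired``. Because ``app_proto_ts``/``app_proto_tc`` are absent on agreeing flows, testing for their presence is enough; no comparison against ``app_proto`` is needed.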
tcp (object)
^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ======= ===================================================================
   Name               Type    Description
   ================== ======= ===================================================================
   ack                boolean
   cwr                boolean
   ecn                boolean
   fin                boolean
   psh                boolean
   rst                boolean
   state              string
   syn                boolean
   tc_gap             boolean
   tc_max_regions     integer
   tc_urgent_oob_data integer Number of out-of-band bytes sent by the server using TCP urgent packets
   tcp_flags          string
   tcp_flags_tc       string
   tcp_flags_ts       string
   ts_gap             boolean
   ts_max_regions     integer
   ts_urgent_oob_data integer Number of out-of-band bytes sent by the client using TCP urgent packets
   urg                boolean
   ================== ======= ===================================================================

stats (object)
^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ========================
   Name             Type    Description
   ================ ======= ========================
   app_layer        object
   capture          object
   decoder          object
   defrag           object
   detect           object
   exception_policy object
   file_store       object
   flow             object
   flow_bypassed    object
   flow_mgr         object
   ftp              object
   host             object
   http             object
   ippair           object
   ips              object
   memcap           object
   pcap_log         object
   tcp              object
   uptime           integer Suricata engine's uptime
   ================ ======= ========================

stats.tcp (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================== ======= ==================================================
   Name                     Type    Description
   ======================== ======= ==================================================
   ack_unseen_data          integer
   active_sessions          integer
   insert_data_normal_fail  integer
   insert_data_overlap_fail integer
   insert_list_fail         integer
   invalid_checksum         integer
   memuse                   integer
   midstream_pickups        integer
   no_flow                  integer
   overlap                  integer
   overlap_diff_data        integer
   pkt_on_wrong_thread      integer
   pseudo                   integer
   reassembly_gap           integer
   reassembly_memuse        integer
   rst                      integer
   segment_from_cache       integer
   segment_from_pool        integer
   segment_memcap_drop      integer
   sessions                 integer
   ssn_from_cache           integer
   ssn_from_pool            integer
   ssn_memcap_drop          integer
   stream_depth_reached     integer
   syn                      integer
   synack                   integer
   urg                      integer Number of TCP packets with the urgent flag set
   urgent_oob_data          integer Number of OOB bytes tracked in TCP urgent handling
   ======================== ======= ==================================================

stats.pcap_log (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ======= ===================================================
   Name         Type    Description
   ============ ======= ===================================================
   filtered_bpf integer Number of packets filtered out by BPF (not written)
   written      integer Number of packets written
   ============ ======= ===================================================

stats.memcap (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ======= ================================================================================
   Name         Type    Description
   ============ ======= ================================================================================
   pressure     integer Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http
   pressure_max integer Maximum pressure seen by the engine
   ============ ======= ================================================================================

stats.ips (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= =================================================
   Name        Type    Description
   =========== ======= =================================================
   accepted    integer Number of accepted packets
   blocked     integer Number of blocked packets
   drop_reason object  Number of dropped packets, grouped by drop reason
   rejected    integer Number of rejected packets
   replaced    integer Number of replaced packets
   =========== ======= =================================================

stats.ips.drop_reason (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========================== ======= ===================================================================
   Name                       Type    Description
   ========================== ======= ===================================================================
   applayer_error             integer Number of packets dropped due to app-layer error exception policy
   applayer_memcap            integer Number of packets dropped due to app-layer memcap
   decode_error               integer Number of packets dropped due to decoding errors
   default_app_policy         integer Number of packets dropped due to default app policy
   default_packet_policy      integer Number of packets dropped due to default packet policy
   defrag_error               integer Number of packets dropped due to defragmentation errors
   defrag_memcap              integer Number of packets dropped due to defrag memcap exception policy
   flow_drop                  integer Number of packets dropped due to dropped flows
   flow_memcap                integer Number of packets dropped due to flow memcap exception policy
   nfq_error                  integer Number of packets dropped due to no NFQ verdict
   pre_flow_hook              integer Number of packets dropped in the pre_flow hook
   pre_stream_hook            integer Number of packets dropped in the pre_stream hook
   rules                      integer Number of packets dropped due to rule actions
   stream_error               integer Number of packets dropped due to invalid TCP stream
   stream_memcap              integer Number of packets dropped due to stream memcap exception policy
   stream_midstream           integer Number of packets dropped due to stream midstream exception policy
   stream_reassembly          integer Number of packets dropped due to stream reassembly exception policy
   stream_urgent              integer Number of packets dropped due to TCP urgent flag
   threshold_detection_filter integer Number of packets dropped due to threshold detection filter
   tunnel_packet_drop         integer Number of packets dropped due to inner tunnel packet being dropped
   ========================== ======= ===================================================================

stats.ippair (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   memcap integer
   memuse integer
   ====== ======= ===========

stats.http (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===========
   Name      Type    Description
   ========= ======= ===========
   byterange object
   memcap    integer
   memuse    integer
   ========= ======= ===========

stats.http.byterange (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   memcap integer
   memuse integer
   ====== ======= ===========

stats.host (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   memcap integer
   memuse integer
   ====== ======= ===========

stats.ftp (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   memcap integer
   memuse integer
   ====== ======= ===========

stats.flow_mgr (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =============== ======= ===========
   Name            Type    Description
   =============== ======= ===========
   bypassed_pruned integer
   closed_pruned   integer
   est_pruned      integer
   flows_checked   integer
   flows_notimeout integer
   flows_removed   integer
   flows_timeout   integer
   new_pruned      integer
   rows_busy       integer
   rows_checked    integer
   rows_empty      integer
   rows_maxlen     integer
   rows_skipped    integer
   =============== ======= ===========

stats.flow_bypassed (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =================== ======= ===========
   Name                Type    Description
   =================== ======= ===========
   bytes               integer
   closed              integer
   local_bytes         integer
   local_capture_bytes integer
   local_capture_pkts  integer
   local_pkts          integer
   pkts                integer
   =================== ======= ===========

stats.flow (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= ===============================================================================================
   Name                 Type    Description
   ==================== ======= ===============================================================================================
   active               integer Number of currently active flows
   elephant             integer Total number of elephant flows
   emerg_mode_entered   integer Number of times emergency mode was entered
   emerg_mode_over      integer Number of times the engine recovered from emergency mode
   end                  object
   get_used             integer Number of flows reused from the hash table because memcap was reached and the spare pool was empty
   get_used_eval        integer Number of attempts at getting a flow directly from the hash
   get_used_eval_busy   integer Number of times a flow was found in the hash but the lock for the hash bucket could not be obtained
   get_used_eval_reject integer Number of flows that were evaluated but rejected for reuse as they were still alive/active
   get_used_failed      integer Number of times retrieval of a flow from the hash was attempted but was unsuccessful
   icmpv4               integer Number of ICMPv4 flows
   icmpv6               integer Number of ICMPv6 flows
   memcap               integer Number of times memcap was reached for flows
   memuse               integer Memory currently in use by the flows
   mgr                  object
   recycler             object
   spare                integer Number of flows in the spare pool
   tcp                  integer Number of TCP flows
   tcp_reuse            integer Number of TCP flows that were reused as they seemed to share the same flow tuple
   total                integer Total number of flows
   udp                  integer Number of UDP flows
   wrk                  object
   ==================== ======= ===============================================================================================

stats.flow.wrk (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================== ======= ===========
   Name                     Type    Description
   ======================== ======= ===========
   flows_evicted            integer
   flows_evicted_needs_work integer
   flows_evicted_pkt_inject integer
   flows_injected           integer
   flows_injected_max       integer
   spare_sync               integer
   spare_sync_avg           integer
   spare_sync_empty         integer
   spare_sync_incomplete    integer
   ======================== ======= ===========

stats.flow.recycler (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ==========================================
   Name      Type    Description
   ========= ======= ==========================================
   queue_avg integer Average number of recycled flows per queue
   queue_max integer Maximum number of recycled flows per queue
   recycled  integer Number of recycled flows
   ========= ======= ==========================================

stats.flow.mgr (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================== ======= =============================================================================================================
   Name                     Type    Description
   ======================== ======= =============================================================================================================
   flows_checked            integer Number of flows checked for timeout in the last pass
   flows_evicted            integer Number of flows that were evicted
   flows_evicted_needs_work integer Number of TCP flows that were returned to the workers because reassembly, detection or logging still needs work
   flows_notimeout          integer Number of flows that did not time out
   flows_timeout            integer Number of flows that reached the timeout
   full_hash_pass           integer Number of times a full pass of the hash table was done
   rows_maxlen              integer Size of the biggest row in the hash table
   rows_per_sec             integer Number of rows to be scanned every second by a worker
   ======================== ======= =============================================================================================================

stats.flow.end (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   state       object
   tcp_liberal integer
   tcp_state   object
   =========== ======= ===========

stats.flow.end.tcp_state (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   close_wait  integer
   closed      integer
   closing     integer
   established integer
   fin_wait1   integer
   fin_wait2   integer
   last_ack    integer
   none        integer
   syn_recv    integer
   syn_sent    integer
   time_wait   integer
   =========== ======= ===========

stats.flow.end.state (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   capture_bypassed integer
   closed           integer
   established      integer
   local_bypassed   integer
   new              integer
   ================ ======= ===========

stats.file_store (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ======= ===========
   Name               Type    Description
   ================== ======= ===========
   fs_errors          integer
   open_files         integer
   open_files_max_hit integer
   ================== ======= ===========

stats.exception_policy (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ====== ===========
   Name      Type   Description
   ========= ====== ===========
   app_layer object
   defrag    object
   flow      object
   tcp       object
   ========= ====== ===========

stats.detect (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ================ ===========
   Name                 Type             Description
   ==================== ================ ===========
   alert                integer
   alert_queue_overflow integer
   alerts_suppressed    integer
   engines              array of objects
   fnonmpm_list         integer
   lua                  object
   match_list           integer
   mpm_list             integer
   nonmpm_list          integer
   ==================== ================ ===========

stats.detect.lua (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================== ======= =======================================================================
   Name                     Type    Description
   ======================== ======= =======================================================================
   blocked_function_errors  integer Number of Lua scripts that failed because a blocked function was called
   errors                   integer Errors encountered while running Lua scripts
   instruction_limit_errors integer Number of Lua rules exceeding the instruction limit
   memory_limit_errors      integer Number of Lua rules exceeding the memory limit
   ======================== ======= =======================================================================

stats.detect.engines (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   id            integer
   last_reload   string
   rules_failed  integer
   rules_loaded  integer
   rules_skipped integer
   ============= ======= ===========

stats.defrag (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= =======================================================================================
   Name                 Type    Description
   ==================== ======= =======================================================================================
   ipv4                 object
   ipv6                 object
   max_frags_reached    integer How many times a fragment was not stored because the max-frags limit was reached
   max_trackers_reached integer How many times a packet was not reassembled because the max-trackers limit was reached
   memuse               integer Current memory use
   mgr                  object
   tracker_hard_reuse   integer Active tracker force-closed before completion and reused for a new tracker
   tracker_soft_reuse   integer Finished tracker reused from the hash table before being moved to the spare pool
   wrk                  object
   ==================== ======= =======================================================================================

stats.defrag.wrk (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =============== ======= ===========
   Name            Type    Description
   =============== ======= ===========
   tracker_timeout integer
   =============== ======= ===========

stats.defrag.mgr (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =============== ======= ===========
   Name            Type    Description
   =============== ======= ===========
   tracker_timeout integer
   =============== ======= ===========

stats.defrag.ipv6 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   fragments   integer
   reassembled integer
   timeouts    integer
   =========== ======= ===========

stats.defrag.ipv4 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   fragments   integer
   reassembled integer
   timeouts    integer
   =========== ======= ===========

stats.decoder (object)
^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= =====================================
   Name              Type    Description
   ================= ======= =====================================
   arp               integer
   avg_pkt_size      integer
   bytes             integer
   chdlc             integer
   erspan            integer
   esp               integer
   ethernet          integer
   event             object
   geneve            integer
   gre               integer
   icmpv4            integer
   icmpv6            integer
   ieee8021ah        integer
   invalid           integer
   ipv4              integer
   ipv4_in_ipv4      integer
   ipv4_in_ipv6      integer
   ipv6              integer
   ipv6_in_ipv4      integer
   ipv6_in_ipv6      integer
   max_mac_addrs_dst integer
   max_mac_addrs_src integer
   max_pkt_size      integer
   mpls              integer
   nsh               integer
   null              integer
   pkts              integer
   ppp               integer
   pppoe             integer
   raw               integer
   sctp              integer
   sll               integer
   sll2              integer The number of SLL2 frames encountered
   tcp               integer
   teredo            integer
   too_many_layers   integer
   udp               integer
   unknown_ethertype integer
   vlan              integer
   vlan_qinq         integer
   vlan_qinqinq      integer
   vntag             integer
   vxlan             integer
   ================= ======= =====================================

stats.decoder.event (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ====== ==================================================================================
   Name       Type   Description
   ========== ====== ==================================================================================
   afpacket   object
   arp        object
   chdlc      object
   dce        object
   erspan     object
   esp        object
   ethernet   object
   geneve     object
   gre        object
   icmpv4     object
   icmpv6     object
   ieee8021ah object
   ipraw      object
   ipv4       object
   ipv6       object
   ltnull     object
   mpls       object
   nsh        object
   ppp        object
   pppoe      object
   sctp       object
   sll        object
   sll2       object SLL2 decoder events; currently the number of times the SLL2 header was too small to be valid
   tcp        object
   ud         object
   vlan       object
   vntag      object
   vxlan      object
   ========== ====== ==================================================================================
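The ``stats`` sub-objects documented on this page are snapshots of cumulative counters, so the useful signal is the change between consecutive ``stats`` events; ``memcap.pressure`` is the exception, being a percentage gauge. The Python below is an added example, not part of Suricata: it flattens the nested sub-objects into dotted keys, differences two consecutive constructed ``stats`` events (not from a real sensor), and reports capture drops, memcap pressure, non-rule IPS drop reasons, decoder events and a handful of counters whose growth indicates resource exhaustion or evasion. The thresholds, the set of watched counters and the assumption that counters only reset on an engine restart (detected as ``uptime`` going backwards) are the example's own.

```python
"""Interval checks over consecutive Suricata ``stats`` events.

Added example, not part of Suricata. Assumes stats counters are cumulative
totals since engine start (Suricata's default), so consecutive samples are
differenced; ``memcap.pressure`` is treated as a gauge.
"""
import json

# Two constructed stats events (not from a real sensor), 30 seconds apart.
# Only the counters the checks below look at are populated.
STATS_T0 = {
    "timestamp": "2024-05-01T10:00:00.000000+0000", "event_type": "stats",
    "stats": {
        "uptime": 60,
        "capture": {"kernel_packets": 100000, "kernel_drops": 10, "kernel_ifdrops": 0},
        "memcap": {"pressure": 20, "pressure_max": 25},
        "ips": {"accepted": 90000, "blocked": 100, "drop_reason": {"rules": 100, "stream_memcap": 0}},
        "flow": {"emerg_mode_entered": 0, "emerg_mode_over": 0, "memcap": 0},
        "tcp": {"urgent_oob_data": 0, "ssn_memcap_drop": 0},
        "decoder": {"pkts": 100000, "event": {"ipv4": {"frag_overlap": 0, "trunc_pkt": 1},
                                              "tcp": {"opt_invalid_len": 0}}},
    },
}
STATS_T1 = {
    "timestamp": "2024-05-01T10:00:30.000000+0000", "event_type": "stats",
    "stats": {
        "uptime": 90,
        "capture": {"kernel_packets": 200000, "kernel_drops": 510, "kernel_ifdrops": 0},
        "memcap": {"pressure": 85, "pressure_max": 85},
        "ips": {"accepted": 180000, "blocked": 250, "drop_reason": {"rules": 250, "stream_memcap": 7}},
        "flow": {"emerg_mode_entered": 0, "emerg_mode_over": 0, "memcap": 2},
        "tcp": {"urgent_oob_data": 48, "ssn_memcap_drop": 0},
        "decoder": {"pkts": 200000, "event": {"ipv4": {"frag_overlap": 12, "trunc_pkt": 1},
                                              "tcp": {"opt_invalid_len": 0}}},
    },
}

# Dotted counter paths whose growth points at resource exhaustion or evasion.
# Chosen for this example; extend as needed.
WATCHED = {"flow.emerg_mode_entered", "flow.memcap", "tcp.ssn_memcap_drop",
           "tcp.segment_memcap_drop", "tcp.urgent_oob_data"}


def flatten(obj, prefix=""):
    """Flatten nested stats sub-objects into {"ips.drop_reason.rules": 100, ...}."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        elif isinstance(value, (int, float)) and not isinstance(value, bool):
            out[path] = value
    return out


def delta(prev, cur):
    """Per-interval increments, or None if the engine restarted in between."""
    p, c = flatten(prev["stats"]), flatten(cur["stats"])
    if c.get("uptime", 0) < p.get("uptime", 0):
        return None  # counters were reset
    return {k: v - p.get(k, 0) for k, v in c.items()}


def check(prev, cur, max_drop_ratio=0.001, max_pressure=80):
    """Return human-readable findings for the interval prev -> cur."""
    d = delta(prev, cur)
    if d is None:
        return ["engine_restart"]
    findings = []
    pkts, drops = d.get("capture.kernel_packets", 0), d.get("capture.kernel_drops", 0)
    if pkts and drops / pkts > max_drop_ratio:
        findings.append(f"kernel_drops {drops}/{pkts}")
    pressure = cur["stats"].get("memcap", {}).get("pressure", 0)  # gauge: use current value
    if pressure >= max_pressure:
        findings.append(f"memcap_pressure {pressure}%")
    for path, inc in sorted(d.items()):
        if inc <= 0:
            continue
        # Drops caused by exception policies rather than by rule actions.
        policy_drop = path.startswith("ips.drop_reason.") and path != "ips.drop_reason.rules"
        if policy_drop or path.startswith("decoder.event.") or path in WATCHED:
            findings.append(f"{path} +{inc}")
    return findings


def monitor(eve_jsonl):
    """Run check() over every consecutive pair of stats events in EVE JSONL text."""
    prev, report = None, []
    for line in eve_jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "stats":
            continue
        if prev is not None:
            report.append((rec["timestamp"], check(prev, rec)))
        prev = rec
    return report


if __name__ == "__main__":
    sample = "\n".join(json.dumps(r) for r in (STATS_T0, STATS_T1))
    for ts, findings in monitor(sample):
        print(ts, findings)
```

For the two constructed samples the interval shows a 0.5% kernel drop rate, memcap pressure at 85%, seven ``stream_memcap`` policy drops, two flow memcap hits, 48 bytes of TCP urgent out-of-band data and twelve overlapping IPv4 fragments. Dropping ``ips.drop_reason.rules`` from the report is deliberate: rule drops are the IPS doing its job, while every other drop reason means traffic was dropped by a policy rather than by a signature.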
stats.decoder.event.vxlan (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= ===========
   Name                 Type    Description
   ==================== ======= ===========
   unknown_payload_type integer
   ==================== ======= ===========

stats.decoder.event.vntag (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   header_too_small integer
   unknown_type     integer
   ================ ======= ===========

stats.decoder.event.vlan (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   header_too_small integer
   too_many_layers  integer
   unknown_type     integer
   ================ ======= ===========

stats.decoder.event.udp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   hlen_invalid   integer
   hlen_too_small integer
   len_invalid    integer
   pkt_too_small  integer
   ============== ======= ===========

stats.decoder.event.tcp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =============== ======= ===========
   Name            Type    Description
   =============== ======= ===========
   hlen_too_small  integer
   invalid_optlen  integer
   opt_duplicate   integer
   opt_invalid_len integer
   pkt_too_small   integer
   =============== ======= ===========

stats.decoder.event.sll2 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.sll (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.sctp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.pppoe (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   malformed_tags integer
   pkt_too_small  integer
   wrong_code     integer
   ============== ======= ===========

stats.decoder.event.ppp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= ===========
   Name              Type    Description
   ================= ======= ===========
   ip4_pkt_too_small integer
   ip6_pkt_too_small integer
   pkt_too_small     integer
   unsup_proto       integer
   vju_pkt_too_small integer
   wrong_type        integer
   ================= ======= ===========

stats.decoder.event.nsh (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =================== ======= ===========
   Name                Type    Description
   =================== ======= ===========
   bad_header_length   integer
   header_too_small    integer
   reserved_type       integer
   unknown_payload     integer
   unsupported_type    integer
   unsupported_version integer
   =================== ======= ===========

stats.decoder.event.mpls (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================= ======= ===========
   Name                    Type    Description
   ======================= ======= ===========
   bad_label_implicit_null integer
   bad_label_reserved      integer
   bad_label_router_alert  integer
   header_too_small        integer
   pkt_too_small           integer
   unknown_payload_type    integer
   ======================= ======= ===========

stats.decoder.event.ltnull (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   pkt_too_small    integer
   unsupported_type integer
   ================ ======= ===========

stats.decoder.event.ipv6 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========================== ======= ===========
   Name                       Type    Description
   ========================== ======= ===========
   data_after_none_header     integer
   dstopts_only_padding       integer
   dstopts_unknown_opt        integer
   exthdr_ah_res_not_null     integer
   exthdr_dupl_ah             integer
   exthdr_dupl_dh             integer
   exthdr_dupl_eh             integer
   exthdr_dupl_fh             integer
   exthdr_dupl_hh             integer
   exthdr_dupl_rh             integer
   exthdr_invalid_optlen      integer
   exthdr_useless_fh          integer
   fh_non_zero_reserved_field integer
   frag_ignored               integer
   frag_invalid_length        integer
   frag_overlap               integer
   frag_pkt_too_large         integer
   hopopts_only_padding       integer
   hopopts_unknown_opt        integer
   icmpv4                     integer
   ipv4_in_ipv6_too_small     integer
   ipv4_in_ipv6_wrong_version integer
   ipv6_in_ipv6_too_small     integer
   ipv6_in_ipv6_wrong_version integer
   pkt_too_small              integer
   rh_type_0                  integer
   trunc_exthdr               integer
   trunc_pkt                  integer
   unknown_next_header        integer
   wrong_ip_version           integer
   zero_len_padn              integer
   ========================== ======= ===========

stats.decoder.event.ipv4 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======================= ======= ===========
   Name                    Type    Description
   ======================= ======= ===========
   frag_ignored            integer
   frag_overlap            integer
   frag_pkt_too_large      integer
   hlen_too_small          integer
   icmpv6                  integer
   iplen_smaller_than_hlen integer
   opt_duplicate           integer
   opt_eol_required        integer
   opt_invalid             integer
   opt_invalid_len         integer
   opt_malformed           integer
   opt_pad_required        integer
   opt_unknown             integer
   pkt_too_small           integer
   trunc_pkt               integer
   wrong_ip_version        integer
   ======================= ======= ===========

stats.decoder.event.ipraw (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ======= ===========
   Name               Type    Description
   ================== ======= ===========
   invalid_ip_version integer
   ================== ======= ===========

stats.decoder.event.ieee8021ah (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   header_too_small integer
   ================ ======= ===========

stats.decoder.event.icmpv6 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========================== ======= ===========
   Name                        Type    Description
   =========================== ======= ===========
   experimentation_type        integer
   ipv6_trunc_pkt              integer
   ipv6_unknown_version        integer
   mld_message_with_invalid_hl integer
   pkt_too_small               integer
   unassigned_type             integer
   unknown_code                integer
   unknown_type                integer
   =========================== ======= ===========

stats.decoder.event.icmpv4 (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   ipv4_trunc_pkt   integer
   ipv4_unknown_ver integer
   pkt_too_small    integer
   unknown_code     integer
   unknown_type     integer
   ================ ======= ===========

stats.decoder.event.gre (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========================== ======= ===========
   Name                       Type    Description
   ========================== ======= ===========
   pkt_too_small              integer
   version0_flags             integer
   version0_hdr_too_big       integer
   version0_malformed_sre_hdr integer
   version0_recur             integer
   version1_chksum            integer
   version1_flags             integer
   version1_hdr_too_big       integer
   version1_malformed_sre_hdr integer
   version1_no_key            integer
   version1_recur             integer
   version1_route             integer
   version1_ssr               integer
   version1_wrong_protocol    integer
   wrong_version              integer
   ========================== ======= ===========

stats.decoder.event.geneve (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= ===========
   Name                 Type    Description
   ==================== ======= ===========
   unknown_payload_type integer
   ==================== ======= ===========

stats.decoder.event.ethernet (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= ===========
   Name              Type    Description
   ================= ======= ===========
   pkt_too_small     integer
   unknown_ethertype integer
   ================= ======= ===========

stats.decoder.event.esp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.erspan (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= ===========
   Name                 Type    Description
   ==================== ======= ===========
   header_too_small     integer
   too_many_vlan_layers integer
   unsupported_version  integer
   ==================== ======= ===========

stats.decoder.event.dce (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.chdlc (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   pkt_too_small integer
   ============= ======= ===========

stats.decoder.event.arp (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===================== ======= ===========
   Name                  Type    Description
   ===================== ======= ===========
   invalid_hardware_size integer
   invalid_protocol_size integer
   pkt_too_small         integer
   unsupported_hardware  integer
   unsupported_opcode    integer
   unsupported_pkt       integer
   unsupported_protocol  integer
   ===================== ======= ===========

stats.decoder.event.afpacket (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ========================================
   Name      Type    Description
   ========= ======= ========================================
   trunc_pkt integer Number of packets truncated by AF_PACKET
   ========= ======= ========================================

stats.capture (object)
^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   kernel_drops   integer
   kernel_ifdrops integer
   kernel_packets integer
   ============== ======= ===========

stats.app_layer (object)
^^^^^^^^^^^^^^^^^^^^^^^^

..
table:: :width: 100% :widths: 30 25 45 ============ ======= =========================================== Name Type Description ============ ======= =========================================== error object expectations integer Expectation (dynamic parallel flow) counter flow object tx object ============ ======= =========================================== stats.app_layer.tx (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= =================================================== Name Type Description ============== ======= =================================================== bittorrent-dht integer Number of transactions for BitTorrent DHT protocol dcerpc_tcp integer Number of transactions for DCERPC/TCP protocol dcerpc_udp integer Number of transactions for DCERPC/UDP protocol dhcp integer Number of transactions for DHCP dnp3 integer Number of transactions for DNP3 dns_tcp integer Number of transactions for DNS/TCP protocol dns_udp integer Number of transactions for DNS/UDP protocol doh2 integer enip_tcp integer Number of transactions for ENIP/TCP enip_udp integer Number of transactions for ENIP/UDP ftp integer Number of transactions for FTP ftp-data integer Number of transactions for FTP data protocol http integer Number of transactions for HTTP http2 integer Number of transactions for HTTP/2 ike integer Number of transactions for IKE protocol ikev2 integer Number of transactions for IKE v2 protocol imap integer Number of transactions for IMAP krb5_tcp integer Number of transactions for Kerberos v5/TCP protocol krb5_udp integer Number of transactions for Kerberos v5/UDP protocol ldap_tcp integer Number of transactions for LDAP/TCP protocol ldap_udp integer Number of transactions for LDAP/UDP protocol mdns integer Number of transactions for mDNS modbus integer Number of transactions for Modbus protocol mqtt integer Number of transactions for MQTT protocol nfs_tcp integer Number of transactions for NFS/TCP protocol nfs_udp 
integer Number of transactions for NFS/UDP protocol ntp integer Number of transactions for NTP pgsql integer Number of transactions for PostgreSQL protocol pop3 integer quic integer Number of transactions for QUIC protocol rdp integer Number of transactions for RDP rfb integer Number of transactions for RFB protocol sip_tcp integer Number of transactions for SIP/TCP protocol sip_udp integer Number of transactions for SIP/UDP protocol smb integer Number of transactions for SMB protocol smtp integer Number of transactions for SMTP snmp integer Number of transactions for SNMP ssh integer Number of transactions for SSH protocol telnet integer Number of transactions for Telnet protocol tftp integer Number of transactions for TFTP tls integer Number of transactions for TLS protocol websocket integer ============== ======= =================================================== stats.app_layer.flow (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= ============================================ Name Type Description ============== ======= ============================================ bittorrent-dht integer Number of flows for BitTorrent DHT protocol dcerpc_tcp integer Number of flows for DCERPC/TCP protocol dcerpc_udp integer Number of flows for DCERPC/UDP protocol dhcp integer Number of flows for DHCP dnp3 integer Number of flows for DNP3 dns_tcp integer Number of flows for DNS/TCP protocol dns_udp integer Number of flows for DNS/UDP protocol doh2 integer enip_tcp integer Number of flows for ENIP/TCP enip_udp integer Number of flows for ENIP/UDP failed_tcp integer Number of failed flows for TCP failed_udp integer Number of failed flows for UDP ftp integer Number of flows for FTP ftp-data integer Number of flows for FTP data protocol http integer Number of flows for HTTP http2 integer Number of flows for HTTP/2 ike integer Number of flows for IKE protocol ikev2 integer Number of flows for IKE v2 protocol imap integer Number of 
flows for IMAP krb5_tcp integer Number of flows for Kerberos v5/TCP protocol krb5_udp integer Number of flows for Kerberos v5/UDP protocol ldap_tcp integer Number of flows for LDAP/TCP protocol ldap_udp integer Number of flows LDAP/UDP protocol mdns integer Number of flows for mDNS modbus integer Number of flows for Modbus protocol mqtt integer Number of flows for MQTT protocol nfs_tcp integer Number of flows for NFS/TCP protocol nfs_udp integer Number of flows for NFS/UDP protocol ntp integer Number of flows for NTP pgsql integer Number of flows for PostgreSQL protocol pop3 integer quic integer Number of flows for QUIC protocol rdp integer Number of flows for RDP rfb integer Number of flows for RFB protocol sip_tcp integer Number of flows for SIP/TCP protocol sip_udp integer Number of flows for SIP/UDP protocol smb integer Number of flows for SMB protocol smtp integer Number of flows for SMTP snmp integer Number of flows for SNMP ssh integer Number of flows for SSH protocol telnet integer Number of flows for Telnet protocol tftp integer Number of flows for TFTP tls integer Number of flows for TLS protocol websocket integer ============== ======= ============================================ stats.app_layer.error (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============== ====== =========== Name Type Description ============== ====== =========== bittorrent-dht object dcerpc_tcp object dcerpc_udp object dhcp object dnp3 object dns_tcp object dns_udp object doh2 object enip_tcp object enip_udp object failed_tcp object ftp object ftp-data object http object http2 object ike object imap object krb5_tcp object krb5_udp object ldap_tcp object ldap_udp object mdns object modbus object mqtt object nfs_tcp object nfs_udp object ntp object pgsql object pop3 object quic object rdp object rfb object sip_tcp object sip_udp object smb object smtp object snmp object ssh object telnet object tftp object tls object websocket object ============== ====== =========== stats.app_layer.error.websocket (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.websocket.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.tls (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.tls.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.tftp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.tftp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.telnet (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.telnet.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ssh (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ssh.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.snmp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.snmp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.smtp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.smtp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.smb (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.smb.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.sip_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.sip_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.sip_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.sip_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.rfb (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.rfb.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.rdp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.rdp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.quic (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.quic.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.pop3 (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.pop3.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.pgsql (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.pgsql.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ntp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ntp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.nfs_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.nfs_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.nfs_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.nfs_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.mqtt (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.mqtt.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.modbus (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.modbus.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.mdns (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.mdns.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ldap_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ldap_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ldap_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ldap_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.krb5_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.krb5_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.krb5_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.krb5_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.imap (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.imap.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ike (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ike.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.http2 (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.http2.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.http (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.http.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ftp-data (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ftp-data.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.ftp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.ftp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.failed_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.failed_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.enip_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.enip_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.enip_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.enip_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.doh2 (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.doh2.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dns_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dns_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dns_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dns_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dnp3 (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dnp3.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dhcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dhcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dcerpc_udp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dcerpc_udp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.dcerpc_tcp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.dcerpc_tcp.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== stats.app_layer.error.bittorrent-dht (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ================ ======= =================================== Name Type Description ================ ======= =================================== alloc integer Number of errors allocating memory exception_policy object gap integer Number of errors processing gaps internal integer Number of internal parser errors parser integer Number of errors reported by parser ================ ======= =================================== stats.app_layer.error.bittorrent-dht.exception_policy (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== bypass integer drop_flow integer drop_packet integer pass_flow integer pass_packet integer reject integer =========== ======= =========== ssh (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ====== =========== Name Type Description ====== ====== =========== client object server object ====== ====== =========== ssh.server (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ====== =========== Name Type Description ================ ====== =========== hassh object proto_version string software_version string ================ ====== =========== ssh.server.hassh (object) ^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ====== =========== Name Type Description ====== ====== =========== hash string string string ====== ====== =========== ssh.client (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ====== =========== Name Type Description ================ ====== =========== hassh object proto_version string software_version string ================ ====== =========== ssh.client.hassh (object) ^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ====== ====== =========== Name Type Description ====== ====== =========== hash string string string ====== ====== =========== snmp (object) ^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ================ =========== Name Type Description ========= ================ =========== community string pdu_type string usm string vars array of strings version integer ========= ================ =========== smtp (object) ^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ================ =========== Name Type Description ========= ================ =========== helo string mail_from string rcpt_to array of strings ========= ================ =========== smb (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================= ================ =========== Name Type Description ================= ================ =========== access string accessed integer changed integer client_dialects array of strings client_guid string command string created integer dcerpc object dialect string directory string disposition string filename string fuid string function string id integer kerberos object level_of_interest string max_read_size integer max_write_size integer modified integer named_pipe string ntlmssp object rename object request object request_done boolean response object response_done boolean server_guid string service object session_id integer set_info object share string share_type string size integer status string status_code string subcmd string tree_id integer ================= ================ =========== smb.set_info (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ====== =========== Name Type Description ========== ====== =========== class string info_level string ========== ====== =========== smb.service (object) ^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ======== ====== =========== Name Type Description ======== ====== =========== request string response string ======== ====== =========== smb.response (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ====== =========== Name Type Description ========= ====== =========== native_lm string native_os string ========= ====== =========== smb.request (object) ^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ====== =========== Name Type Description ========= ====== =========== native_lm string native_os string ========= ====== =========== smb.rename (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ====== =========== Name Type Description ==== ====== =========== from string to string ==== ====== =========== smb.ntlmssp (object) ^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======= ======= =========== Name Type Description ======= ======= =========== domain string host string user string version string warning boolean ======= ======= =========== smb.kerberos (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ================ =========== Name Type Description ====== ================ =========== realm string snames array of strings ====== ================ =========== smb.dcerpc (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== call_id integer interfaces array of objects opnum integer req object request string res object response string ========== ================ =========== smb.dcerpc.res (object) ^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== frag_cnt integer stub_data_size integer ============== ======= =========== smb.dcerpc.req (object) ^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== frag_cnt integer stub_data_size integer ============== ======= =========== smb.dcerpc.interfaces (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ======= =========== Name Type Description ========== ======= =========== ack_reason integer ack_result integer uuid string version string ========== ======= =========== sip (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ====== ================ Name Type Description ============= ====== ================ code string method string reason string request_line string response_line string sdp object SDP message body uri string version string ============= ====== ================ sip.sdp (object) ^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================== ================ ========================================================================= Name Type Description ================== ================ ========================================================================= attributes array of strings A list of attributes to extend SDP bandwidths array of strings Proposed bandwidths to be used by the session or media connection_data string Connection data email string Email address for the person responsible for the conference encryption_key string Field used to convey encryption keys if SDP is used over a secure channel media_descriptions array of objects A list of media descriptions for a session origin string Owner of the session phone_number string Phone number for the person responsible for the conference session_info string Textual information about the session session_name string Session name time_descriptions array of objects A list of time descriptions for a session timezone string Timezone to specify adjustments for times and offsets from the base time uri string A pointer to 
additional information about the session version integer SDP protocol version ================== ================ ========================================================================= sip.sdp.time_descriptions (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ====== ================================== Name Type Description =========== ====== ================================== repeat_time string Specify repeat times for a session time string Start and stop times for a session =========== ====== ================================== sip.sdp.media_descriptions (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =============== ================ ========================================================================= Name Type Description =============== ================ ========================================================================= attributes array of strings A list of attributes specified for a media description bandwidths array of strings A list of bandwidth proposed for a media connection_data string Connection data per media description encryption_key string Field used to convey encryption keys if SDP is used over a secure channel media string Media description media_info string Media information primarily intended for labelling media streams =============== ================ ========================================================================= rpc (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ======= =========== Name Type Description ========= ======= =========== auth_type string creds object status string xid integer ========= ======= =========== rpc.creds (object) ^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============ ======= =========== Name Type Description ============ ======= =========== gid integer machine_name string uid integer ============ ======= =========== rfb (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======================= ======= =========== Name Type Description ======================= ======= =========== authentication object client_protocol_version object framebuffer object screen_shared boolean server_protocol_version object ======================= ======= =========== rfb.server_protocol_version (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ===== ====== =========== Name Type Description ===== ====== =========== major string minor string ===== ====== =========== rfb.framebuffer (object) ^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ======= =========== Name Type Description ============ ======= =========== height integer name string pixel_format object width integer ============ ======= =========== rfb.framebuffer.pixel_format (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== big_endian boolean bits_per_pixel integer blue_max integer blue_shift integer depth integer green_max integer green_shift integer red_max integer red_shift integer true_color boolean ============== ======= =========== rfb.client_protocol_version (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ===== ====== =========== Name Type Description ===== ====== =========== major string minor string ===== ====== =========== rfb.authentication (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =============== ======= =========== Name Type Description =============== ======= =========== security_result string security_type integer vnc object =============== ======= =========== rfb.authentication.vnc (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ====== =========== Name Type Description ========= ====== =========== challenge string response string ========= ====== =========== rdp (object) ^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== channels array of strings client object cookie string event_type string tx_id integer ========== ================ =========== rdp.client (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =============== ================ =========== Name Type Description =============== ================ =========== build string capabilities array of strings client_name string color_depth integer desktop_height integer desktop_width integer function_keys integer id string keyboard_layout string keyboard_type string product_id integer version string =============== ================ =========== quic (object) ^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ========== ================ ================================================================ Name Type Description ========== ================ ================================================================ cyu array of objects ja3-like fingerprint for versions of QUIC before standardization extensions array of objects list of extensions in hello ja3 object ja3 from client, as in TLS ja3s object ja3 from server, as in TLS ja4 string sni string Server Name Indication ua string User Agent for versions of QUIC before standardization version string Quic protocol version ========== ================ ================================================================ quic.ja3s (object) ^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ====== ========================== Name Type Description ====== ====== ========================== hash string ja3s hex representation string string ja3s string representation ====== ====== ========================== quic.ja3 (object) ^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ====== ========================= Name Type Description ====== ====== ========================= hash string ja3 hex representation string string ja3 string representation ====== ====== ========================= quic.extensions (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ================ ==================================== Name Type Description ====== ================ ==================================== name string human-friendly name of the extension type integer integer identifier of the extension values array of strings extension values ====== ================ ==================================== quic.cyu (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ====== ====== ============================== Name Type Description ====== ====== ============================== hash string cyu hash hex representation string string cyu hash string representation ====== ====== ============================== pop3 (object) ^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ====== =========== Name Type Description ======== ====== =========== request object response object ======== ====== =========== pop3.response (object) ^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======= ================ ========================================= Name Type Description ======= ================ ========================================= data array of strings header string first line of response status string success boolean response indicated positive status ie +OK ======= ================ ========================================= pop3.request (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======= ================ ============================================ Name Type Description ======= ================ ============================================ args array of strings pop3 request arguments command string a pop3 command, for example `USER` or `STAT` ======= ================ ============================================ pgsql (object) ^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== request object response object tx_id integer ======== ======= =========== pgsql.response (object) ^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =========================== ================ ============================================== Name Type Description =========================== ================ ============================================== authentication_md5_password string authentication_sasl_final string code string command_completed string copy_data_out object CopyData message from CopyOut mode copy_in_response object Backend/server response accepting CopyIn mode copy_out_response object Backend/server response accepting CopyOut mode data_rows integer data_size integer field_count integer file string line string message string parameter_status array of objects process_id integer routine string secret_key integer severity_localizable string severity_non_localizable string ssl_accepted boolean =========================== ================ ============================================== pgsql.response.parameter_status (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========================== ====== =========== Name Type Description =========================== ====== =========== application_name string client_encoding string date_style string integer_datetimes string interval_style string is_superuser string server_encoding string server_version string session_authorization string standard_conforming_strings string time_zone string =========================== ====== =========== pgsql.response.copy_out_response (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= =============================================================
   Name    Type    Description
   ======= ======= =============================================================
   columns integer Number of columns that will be copied in the CopyData message
   ======= ======= =============================================================

pgsql.response.copy_in_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= =============================================================
   Name    Type    Description
   ======= ======= =============================================================
   columns integer Number of columns that will be copied in the CopyData message
   ======= ======= =============================================================

pgsql.response.copy_data_out (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===================================================
   Name      Type    Description
   ========= ======= ===================================================
   data_size integer Accumulated data size of all CopyData messages sent
   row_count integer Number of rows sent in CopyData messages
   ========= ======= ===================================================

pgsql.request (object)
^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ============================= ======= ====================================================================================
   Name                          Type    Description
   ============================= ======= ====================================================================================
   copy_data_in                  object  CopyData message from CopyIn mode
   message                       string
   password                      string
   password_redacted             boolean indicates if a password message was received but not logged due to Suricata settings
   process_id                    integer
   protocol_version              string
   sasl_authentication_mechanism string
   sasl_param                    string
   sasl_response                 string
   secret_key                    integer
   simple_query                  string
   startup_parameters            object
   ============================= ======= ====================================================================================

pgsql.request.startup_parameters (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =================== ================ ===========
   Name                Type             Description
   =================== ================ ===========
   optional_parameters array of objects
   user                string
   =================== ================ ===========

pgsql.request.startup_parameters.optional_parameters (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ====== ===========
   Name               Type   Description
   ================== ====== ===========
   application_name   string
   client_encoding    string
   database           string
   datestyle          string
   extra_float_digits string
   options            string
   replication        string
   ================== ====== ===========

pgsql.request.copy_data_in (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===============================================================================================
   Name      Type    Description
   ========= ======= ===============================================================================================
   data_size integer Accumulated data size of all CopyData messages sent
   msg_count integer How many CopyData messages were sent (does not necessarily match number of rows from the query)
   ========= ======= ===============================================================================================

packet_info (object)
^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ====================================
   Name          Type    Description
   ============= ======= ====================================
   linktype      integer
   linktype_name string  the descriptive name of the linktype
   ============= ======= ====================================

nfs (object)
^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===========
   Name      Type    Description
   ========= ======= ===========
   file_tx   boolean
   filename  string
   hhash     string
   id        integer
   procedure string
   read      object
   rename    object
   status    string
   type      string
   version   integer
   write     object
   ========= ======= ===========

nfs.write (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ======= ===========
   Name     Type    Description
   ======== ======= ===========
   chunks   integer
   first    boolean
   last     boolean
   last_xid integer
   ======== ======= ===========

nfs.rename (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ====== ===========
   Name Type   Description
   ==== ====== ===========
   from string
   to   string
   ==== ====== ===========

nfs.read (object)
^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ======= ===========
   Name     Type    Description
   ======== ======= ===========
   chunks   integer
   first    boolean
   last     boolean
   last_xid integer
   ======== ======= ===========

netflow (object)
^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= ===========
   Name    Type    Description
   ======= ======= ===========
   age     integer
   bytes   integer
   end     string
   max_ttl integer
   min_ttl integer
   pkts    integer
   start   string
   tx_cnt  integer
   ======= ======= ===========

mqtt (object)
^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   connack     object
   connect     object
   disconnect  object
   pingreq     object
   pingresp    object
   puback      object
   pubcomp     object
   publish     object
   pubrec      object
   pubrel      object
   suback      object
   subscribe   object
   unsuback    object
   unsubscribe object
   =========== ====== ===========

mqtt.unsubscribe (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ================ ===========
   Name       Type             Description
   ========== ================ ===========
   dup        boolean
   message_id integer
   qos        integer
   retain     boolean
   topics     array of strings
   ========== ================ ===========

mqtt.unsuback (object)
^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ================= ===========
   Name         Type              Description
   ============ ================= ===========
   dup          boolean
   message_id   integer
   qos          integer
   reason_codes array of integers
   retain       boolean
   ============ ================= ===========

mqtt.subscribe (object)
^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ================ ===========
   Name       Type             Description
   ========== ================ ===========
   dup        boolean
   message_id integer
   qos        integer
   retain     boolean
   topics     array of objects
   ========== ================ ===========

mqtt.subscribe.topics (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ======= ===========
   Name  Type    Description
   ===== ======= ===========
   qos   integer
   topic string
   ===== ======= ===========

mqtt.suback (object)
^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ================= ===========
   Name        Type              Description
   =========== ================= ===========
   dup         boolean
   message_id  integer
   qos         integer
   qos_granted array of integers
   retain      boolean
   =========== ================= ===========

mqtt.pubrel (object)
^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   dup         boolean
   message_id  integer
   qos         integer
   reason_code integer
   retain      boolean
   =========== ======= ===========

mqtt.pubrec (object)
^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   dup         boolean
   message_id  integer
   qos         integer
   reason_code integer
   retain      boolean
   =========== ======= ===========

mqtt.publish (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   dup            boolean
   message        string
   message_id     integer
   properties     object
   qos            integer
   retain         boolean
   skipped_length integer
   topic          string
   truncated      boolean
   ============== ======= ===========

mqtt.pubcomp (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   dup         boolean
   message_id  integer
   qos         integer
   reason_code integer
   retain      boolean
   =========== ======= ===========

mqtt.puback (object)
^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   dup         boolean
   message_id  integer
   qos         integer
   reason_code integer
   retain      boolean
   =========== ======= ===========

mqtt.pingresp (object)
^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   dup    boolean
   qos    integer
   retain boolean
   ====== ======= ===========

mqtt.pingreq (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ======= ===========
   Name   Type    Description
   ====== ======= ===========
   dup    boolean
   qos    integer
   retain boolean
   ====== ======= ===========

mqtt.disconnect (object)
^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ======= ===========
   Name        Type    Description
   =========== ======= ===========
   dup         boolean
   properties  object
   qos         integer
   reason_code integer
   retain      boolean
   =========== ======= ===========

mqtt.connect (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   client_id        string
   dup              boolean
   flags            object
   password         string
   properties       object
   protocol_string  string
   protocol_version integer
   qos              integer
   retain           boolean
   username         string
   will             object
   ================ ======= ===========

mqtt.connect.will (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ====== ===========
   Name       Type   Description
   ========== ====== ===========
   message    string
   properties object
   topic      string
   ========== ====== ===========

mqtt.connect.flags (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============= ======= ===========
   Name          Type    Description
   ============= ======= ===========
   clean_session boolean
   password      boolean
   username      boolean
   will          boolean
   will_retain   boolean
   ============= ======= ===========

mqtt.connack (object)
^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   =============== ======= ===========
   Name            Type    Description
   =============== ======= ===========
   dup             boolean
   properties      object
   qos             integer
   retain          boolean
   return_code     integer
   session_present boolean
   =============== ======= ===========

modbus (object)
^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ======= ===========
   Name     Type    Description
   ======== ======= ===========
   id       integer
   request  object
   response object
   ======== ======= ===========

modbus.response (object)
^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   access_type    string
   category       string
   data           string
   diagnostic     object
   error_flags    string
   exception      object
   function_code  string
   function_raw   integer
   protocol_id    integer
   read           object
   transaction_id integer
   unit_id        integer
   write          object
   ============== ======= ===========

modbus.response.write (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= ===========
   Name    Type    Description
   ======= ======= ===========
   address integer
   data    integer
   ======= ======= ===========

modbus.response.read (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ====== ===========
   Name Type   Description
   ==== ====== ===========
   data string
   ==== ====== ===========

modbus.response.exception (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ======= ===========
   Name Type    Description
   ==== ======= ===========
   code string
   raw  integer
   ==== ======= ===========

modbus.response.diagnostic (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ======= ===========
   Name Type    Description
   ==== ======= ===========
   code string
   data string
   raw  integer
   ==== ======= ===========

modbus.request (object)
^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   access_type    string
   category       string
   data           string
   diagnostic     object
   error_flags    string
   function_code  string
   function_raw   integer
   mei            object
   protocol_id    integer
   read           object
   transaction_id integer
   unit_id        integer
   write          object
   ============== ======= ===========

modbus.request.write (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= ===========
   Name    Type    Description
   ======= ======= ===========
   address integer
   data    integer
   ======= ======= ===========

modbus.request.read (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ======= ===========
   Name     Type    Description
   ======== ======= ===========
   address  integer
   quantity integer
   ======== ======= ===========

modbus.request.mei (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ======= ===========
   Name Type    Description
   ==== ======= ===========
   code string
   data string
   raw  integer
   ==== ======= ===========

modbus.request.diagnostic (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ======= ===========
   Name Type    Description
   ==== ======= ===========
   code string
   data string
   raw  integer
   ==== ======= ===========

metadata (object)
^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ================ ===========
   Name     Type             Description
   ======== ================ ===========
   entropy  object
   flowbits array of strings
   flowints object
   flowvars array of objects
   pktvars  array of objects
   ======== ================ ===========

metadata.pktvars (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ====== ===========
   Name     Type   Description
   ======== ====== ===========
   uid      string
   username string
   ======== ====== ===========

metadata.flowvars (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ====== ===========
   Name  Type   Description
   ===== ====== ===========
   gid   string
   key   string
   value string
   ===== ====== ===========

mdns (object)
^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ================= =============================================
   Name        Type              Description
   =========== ================= =============================================
   additionals array of objects  mDNS additional records
   answers     array of objects  mDNS answer records
   authorities array of objects  mDNS authority records
   flags       array of unknowns mDNS message flags
   id          integer           mDNS transaction ID
   opcode      integer           mDNS opcode value
   queries     array of objects  mDNS query records
   rcode       integer           mDNS reply (error) code
   type        string            Type of message, either a request or response
   =========== ================= =============================================

mdns.queries (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ============================================
   Name             Type    Description
   ================ ======= ============================================
   rrname           string  Resource name being requested
   rrname_truncated boolean Name was truncated by Suricata due to length
   rrtype           string  Type of resource being requested
   ================ ======= ============================================

mdns.authorities (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ============================================
   Name             Type    Description
   ================ ======= ============================================
   rrname           string  Resource name of the record being returned
   rrname_truncated boolean Name was truncated by Suricata due to length
   ================ ======= ============================================

mdns.answers (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ================ ============================================
   Name             Type             Description
   ================ ================ ============================================
   ptr              string           Value of the requested PTR record
   rrname           string           Resource name of the record being returned
   rrname_truncated boolean          Name was truncated by Suricata due to length
   txt              array of strings Value of the requested TXT record
   ================ ================ ============================================

mdns.additionals (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ================ ============================================
   Name             Type             Description
   ================ ================ ============================================
   ptr              string           Value of the requested PTR record
   rrname           string           Resource name of the record being returned
   rrname_truncated boolean          Name was truncated by Suricata due to length
   txt              array of strings Value of the requested TXT record
   ================ ================ ============================================

ldap (object)
^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ================ ===========
   Name      Type             Description
   ========= ================ ===========
   request   object
   responses array of objects
   ========= ================ ===========

ldap.responses (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===================== ====== ===========
   Name                  Type   Description
   ===================== ====== ===========
   add_response          object
   bind_response         object
   compare_response      object
   del_response          object
   extended_response     object
   intermediate_response object
   mod_dn_response       object
   modify_response       object
   search_result_done    object
   ===================== ====== ===========

ldap.responses.search_result_done (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.responses.modify_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.responses.mod_dn_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.responses.intermediate_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ====== ===========
   Name  Type   Description
   ===== ====== ===========
   name  string
   value string
   ===== ====== ===========

ldap.responses.extended_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   name        string
   result_code string
   value       string
   =========== ====== ===========

ldap.responses.del_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.responses.compare_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.responses.bind_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ====== ===========
   Name              Type   Description
   ================= ====== ===========
   matched_dn        string
   message           string
   result_code       string
   server_sasl_creds string
   ================= ====== ===========

ldap.responses.add_response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   matched_dn  string
   message     string
   result_code string
   =========== ====== ===========

ldap.request (object)
^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ======= ===========
   Name             Type    Description
   ================ ======= ===========
   abandon_request  object
   add_request      object
   bind_request     object
   compare_request  object
   del_request      object
   extended_request object
   message_id       integer
   mod_dn_request   object
   modify_request   object
   operation        string
   search_request   object
   ================ ======= ===========

ldap.request.search_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ================ ===========
   Name         Type             Description
   ============ ================ ===========
   attributes   array of strings
   base_object  string
   deref_alias  integer
   scope        integer
   size_limit   integer
   time_limit   integer
   types_online boolean
   ============ ================ ===========

ldap.request.modify_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ================ ===========
   Name    Type             Description
   ======= ================ ===========
   changes array of objects
   object  string
   ======= ================ ===========

ldap.request.modify_request.changes (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ====== ===========
   Name         Type   Description
   ============ ====== ===========
   modification object
   operation    string
   ============ ====== ===========

ldap.request.modify_request.changes.modification (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================ ================ ===========
   Name             Type             Description
   ================ ================ ===========
   attribute_type   string
   attribute_values array of strings
   ================ ================ ===========

ldap.request.mod_dn_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   delete_old_rdn boolean
   entry          string
   new_rdn        string
   new_superior   string
   ============== ======= ===========

ldap.request.extended_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ====== ===========
   Name  Type   Description
   ===== ====== ===========
   name  string
   value string
   ===== ====== ===========

ldap.request.del_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==== ====== ===========
   Name Type   Description
   ==== ====== ===========
   dn   string
   ==== ====== ===========

ldap.request.compare_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ========================= ====== ===========
   Name                      Type   Description
   ========================= ====== ===========
   attribute_value_assertion object
   entry                     string
   ========================= ====== ===========

ldap.request.compare_request.attribute_value_assertion (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   description string
   value       string
   =========== ====== ===========

ldap.request.bind_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======= ======= ===========
   Name    Type    Description
   ======= ======= ===========
   name    string
   sasl    object
   version integer
   ======= ======= ===========

ldap.request.bind_request.sasl (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========== ====== ===========
   Name        Type   Description
   =========== ====== ===========
   credentials string
   mechanism   string
   =========== ====== ===========

ldap.request.add_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ================ ===========
   Name       Type             Description
   ========== ================ ===========
   attributes array of objects
   entry      string
   ========== ================ ===========

ldap.request.add_request.attributes (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ================ ===========
   Name   Type             Description
   ====== ================ ===========
   name   string
   values array of strings
   ====== ================ ===========

ldap.request.abandon_request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========== ======= ===========
   Name       Type    Description
   ========== ======= ===========
   message_id integer
   ========== ======= ===========

krb5 (object)
^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ====================== ======= =================================================================
   Name                   Type    Description
   ====================== ======= =================================================================
   cname                  string  The client PrincipalName
   encryption             string  Encryption used (only in AS-REP and TGS-REP)
   error_code             string  Error code, if request has failed
   failed_request         string  The request type for which the response had an error_code
   msg_type               string  The message type: AS-REQ, AS-REP, etc.
   realm                  string  The server Realm
   sname                  string  The server PrincipalName
   ticket_encryption      string  Encryption used for ticket
   ticket_weak_encryption boolean Whether the encryption used for ticket is a weak cipher
   weak_encryption        boolean Whether the encryption used in AS-REP or TGS-REP is a weak cipher
   ====================== ======= =================================================================

ike (object)
^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===================== ================ ===========
   Name                  Type             Description
   ===================== ================ ===========
   alg_auth              string
   alg_auth_raw          integer
   alg_dh                string
   alg_dh_raw            integer
   alg_enc               string
   alg_enc_raw           integer
   alg_hash              string
   alg_hash_raw          integer
   exchange_type         integer
   exchange_type_verbose string
   ikev1                 object
   ikev2                 object
   init_spi              string
   message_id            integer
   payload               array of strings
   resp_spi              string
   role                  string
   sa_key_length         string
   sa_key_length_raw     integer
   sa_life_duration      string
   sa_life_duration_raw  integer
   sa_life_type          string
   sa_life_type_raw      integer
   version_major         integer
   version_minor         integer
   ===================== ================ ===========

ike.ikev2 (object)
^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ====== ================= ===========
   Name   Type              Description
   ====== ================= ===========
   errors integer
   notify array of unknowns
   ====== ================= ===========

ike.ikev1 (object)
^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ================== ================ ===========
   Name               Type             Description
   ================== ================ ===========
   client             object
   doi                integer
   encrypted_payloads boolean
   server             object
   vendor_ids         array of strings
   ================== ================ ===========

ike.ikev1.server (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========================== ======= ===========
   Name                        Type    Description
   =========================== ======= ===========
   key_exchange_payload        string
   key_exchange_payload_length integer
   nonce_payload               string
   nonce_payload_length        integer
   =========================== ======= ===========

ike.ikev1.client (object)
^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   =========================== ================ ===========
   Name                        Type             Description
   =========================== ================ ===========
   key_exchange_payload        string
   key_exchange_payload_length integer
   nonce_payload               string
   nonce_payload_length        integer
   proposals                   array of objects
   =========================== ================ ===========

ike.ikev1.client.proposals (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ==================== ======= ===========
   Name                 Type    Description
   ==================== ======= ===========
   alg_auth             string
   alg_auth_raw         integer
   alg_dh               string
   alg_dh_raw           integer
   alg_enc              string
   alg_enc_raw          integer
   alg_hash             string
   alg_hash_raw         integer
   sa_key_length        string
   sa_key_length_raw    integer
   sa_life_duration     string
   sa_life_duration_raw integer
   sa_life_type         string
   sa_life_type_raw     integer
   ==================== ======= ===========

http (object)
^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ============================ ================ =======================================================
   Name                         Type             Description
   ============================ ================ =======================================================
   content_range                object
   hostname                     string
   http2                        object
   http_content_type            string
   http_method                  string
   http_port                    integer
   http_refer                   string
   http_response_body           string
   http_response_body_printable string
   http_user_agent              string
   length                       integer
   org_src_ip                   string
   protocol                     string
   redirect                     string
   request_headers              array of objects
   response_headers             array of objects
   status                       integer
   status_string                string           status string when it is not a valid integer (like 2XX)
   true_client_ip               string
   url                          string
   version                      string
   x_bluecoat_via               string
   xff                          string
   ============================ ================ =======================================================

http.response_headers (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= ===========
   Name              Type    Description
   ================= ======= ===========
   name              string
   table_size_update integer
   value             string
   ================= ======= ===========

http.request_headers (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ================= ======= ===========
   Name              Type    Description
   ================= ======= ===========
   name              string
   table_size_update integer
   value             string
   ================= ======= ===========

http.http2 (object)
^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ========= ======= ===========
   Name      Type    Description
   ========= ======= ===========
   request   object
   response  object
   stream_id integer
   ========= ======= ===========

http.http2.response (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^


.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ================ ===========
   Name         Type             Description
   ============ ================ ===========
   error_code   string
   has_multiple string
   settings     array of objects
   ============ ================ ===========

http.http2.response.settings (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   settings_id    string
   settings_value integer
   ============== ======= ===========

http.http2.request (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============ ================ ===========
   Name         Type             Description
   ============ ================ ===========
   error_code   string
   has_multiple string
   priority     integer
   settings     array of objects
   ============ ================ ===========

http.http2.request.settings (array of objects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ============== ======= ===========
   Name           Type    Description
   ============== ======= ===========
   settings_id    string
   settings_value integer
   ============== ======= ===========

http.content_range (object)
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ===== ======= ===========
   Name  Type    Description
   ===== ======= ===========
   end   integer
   raw   string
   size  integer
   start integer
   ===== ======= ===========

ftp_data (object)
^^^^^^^^^^^^^^^^^

.. table::
   :width: 100%
   :widths: 30 25 45

   ======== ====== ===========
   Name     Type   Description
   ======== ====== ===========
   command  string
   filename string
   ======== ====== ===========

ftp (object)
^^^^^^^^^^^^

table:: :width: 100% :widths: 30 25 45 ================= ================ =========== Name Type Description ================= ================ =========== command string command_data string command_truncated boolean completion_code array of strings dynamic_port integer mode string reply array of strings reply_received string reply_truncated boolean ================= ================ =========== frame (object) ^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================= ======= =========== Name Type Description ================= ======= =========== complete boolean direction string id integer length integer payload string payload_printable string stream_offset integer tx_id integer type string ================= ======= =========== flow (object) ^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ================= ================================================================================= Name Type Description ================ ================= ================================================================================= action string age integer alerted boolean bypass string bypassed object bytes_toclient integer bytes_toserver integer dest_ip string dest_port integer elephant boolean emergency boolean end string exception_policy array of unknowns The exception policy(ies) triggered by the flow. Not logged if none was triggered pkts_toclient integer pkts_toserver integer reason string src_ip string src_port integer start string state string tx_cnt integer wrong_thread boolean ================ ================= ================================================================================= flow.bypassed (object) ^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== bytes_toclient integer bytes_toserver integer pkts_toclient integer pkts_toserver integer ============== ======= =========== files (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ================= =========================================== Name Type Description ======== ================= =========================================== end integer file_id integer filename string gaps boolean magic string md5 string sha1 string sha256 string sid array of integers size integer start integer state string stored boolean storing boolean the file is set to be stored when completed tx_id integer ======== ================= =========================================== fileinfo (object) ^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ================= =========================================== Name Type Description ======== ================= =========================================== end integer file_id integer filename string gaps boolean magic string md5 string sha1 string sha256 string sid array of integers size integer start integer state string stored boolean storing boolean the file is set to be stored when completed tx_id integer ======== ================= =========================================== ether (object) ^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ ==================== Name Type Description ========== ================ ==================== dest_mac string dest_macs array of strings ether_type integer Ethernet type value src_mac string src_macs array of strings ========== ================ ==================== enip (object) ^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ======== ====== =========== Name Type Description ======== ====== =========== request object response object ======== ====== =========== enip.response (object) ^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ====== =========== Name Type Description ================ ====== =========== cip object command string identity object list_services object register_session object status string ================ ====== =========== enip.response.register_session (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =========== Name Type Description ================ ======= =========== options integer protocol_version integer ================ ======= =========== enip.response.list_services (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =========== Name Type Description ================ ======= =========== capabilities integer protocol_version integer service_name string ================ ======= =========== enip.response.identity (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =========== Name Type Description ================ ======= =========== device_type string product_code integer product_name string protocol_version integer revision string serial integer state integer status integer vendor_id string ================ ======= =========== enip.response.cip (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======================= ================ =========== Name Type Description ======================= ================ =========== multiple array of objects service string status string status_extended string status_extended_meaning string ======================= ================ =========== enip.response.cip.multiple (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ======================= ====== =========== Name Type Description ======================= ====== =========== service string status string status_extended string status_extended_meaning string ======================= ====== =========== enip.request (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ====== =========== Name Type Description ================ ====== =========== cip object command string register_session object status string ================ ====== =========== enip.request.register_session (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= =========== Name Type Description ================ ======= =========== options integer protocol_version integer ================ ======= =========== enip.request.cip (object) ^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== class_name string multiple array of objects path array of objects service string ========== ================ =========== enip.request.cip.path (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ======= =========== Name Type Description ============ ======= =========== segment_type string value integer ============ ======= =========== enip.request.cip.multiple (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== class_name string path array of objects service string ========== ================ =========== enip.request.cip.multiple.path (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============ ======= =========== Name Type Description ============ ======= =========== segment_type string value integer ============ ======= =========== engine (object) ^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== error string error_code integer message string module string thread_name string =========== ======= =========== email (object) ^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ================ =========== Name Type Description ============ ================ =========== attachment array of strings body_md5 string cc array of strings date string from string has_exe_url boolean has_ipv4_url boolean has_ipv6_url boolean message_id string received array of strings status string subject string subject_md5 string to array of strings url array of strings x_mailer string ============ ================ =========== drop (object) ^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== ack boolean fin boolean flowlbl integer hoplimit integer icmp_id integer icmp_seq integer ipid integer len integer psh boolean reason string rst boolean syn boolean tc integer tcpack integer tcpres integer tcpseq integer tcpurgp integer tcpwin integer tos integer ttl integer udplen integer urg boolean verdict object ======== ======= =========== drop.verdict (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ================ =========== Name Type Description ============= ================ =========== action string reject array of strings reject-target string ============= ================ =========== dns (object) ^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =========== ================ ================================= Name Type Description =========== ================ ================================= aa boolean additionals array of objects answer object answers array of objects authorities array of objects flags string grouped object id integer opcode integer DNS opcode as an integer qr boolean queries array of objects query array of objects ra boolean rcode string rd boolean rrname string rrtype string tc boolean DNS truncation flag tx_id integer type string version integer The version of this EVE DNS event z boolean =========== ================ ================================= dns.query (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ======= ======================== Name Type Description ====== ======= ======================== id integer opcode integer DNS opcode as an integer rrname string rrtype string tx_id integer type string z boolean ====== ======= ======================== dns.queries (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= ================================================================ Name Type Description ================ ======= ================================================================ id integer opcode integer DNS opcode as an integer rrname string rrname_truncated boolean Set to true if the rrname was too long and truncated by Suricata rrtype string tx_id integer type string z boolean ================ ======= ================================================================ dns.grouped (object) ^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ===== ================= ====================================================================== Name Type Description ===== ================= ====================================================================== A array of strings AAAA array of strings CNAME array of strings MX array of strings NS array of strings NULL array of strings PTR array of strings SOA array of unknowns SRV array of objects SSHFP array of objects A Secure Shell fingerprint is used to verify the system’s authenticity TXT array of strings ===== ================= ====================================================================== dns.grouped.SSHFP (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== algo integer fingerprint string type integer =========== ======= =========== dns.grouped.SRV (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== name string port integer priority integer weight integer ======== ======= =========== dns.authorities (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= ================================================================ Name Type Description ================ ======= ================================================================ rdata string rdata_truncated boolean Set to true if the rdata was too long and truncated by Suricata rrname string rrname_truncated boolean Set to true if the rrname was too long and truncated by Suricata rrtype string soa object ttl integer ================ ======= ================================================================ dns.authorities.soa (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =============== ======= =============================================================== Name Type Description =============== ======= =============================================================== expire integer minimum integer mname string mname_truncated boolean Set to true if the mname was too long and truncated by Suricata refresh integer retry integer rname string serial integer =============== ======= =============================================================== dns.answers (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ======= ==================================================================== Name Type Description ====== ======= ==================================================================== rdata string rrname string rrtype string soa object srv object sshfp object A Secure Shell fingerprint, used to verify the system’s authenticity ttl integer ====== ======= ==================================================================== dns.answers.sshfp (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== algo integer fingerprint string type integer =========== ======= =========== dns.answers.srv (object) ^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== name string port integer priority integer weight integer ======== ======= =========== dns.answers.soa (object) ^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =============== ======= =============================================================== Name Type Description =============== ======= =============================================================== expire integer minimum integer mname string mname_truncated boolean Set to true if the mname was too long and truncated by Suricata refresh integer retry integer rname string serial integer =============== ======= =============================================================== dns.answer (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ================ ======================== Name Type Description =========== ================ ======================== additionals array of objects authorities array of objects flags string id integer opcode integer DNS opcode as an integer qr boolean ra boolean rcode string rd boolean rrname string rrtype string type string version integer =========== ================ ======================== dns.answer.authorities (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================ ======= ================================================================ Name Type Description ================ ======= ================================================================ rdata string rdata_truncated boolean Set to true if the rdata was too long and truncated by Suricata rrname string rrname_truncated boolean Set to true if the rrname was too long and truncated by Suricata rrtype string soa object ttl integer ================ ======= ================================================================ dns.answer.authorities.soa (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =============== ======= =============================================================== Name Type Description =============== ======= =============================================================== expire integer minimum integer mname string mname_truncated boolean Set to true if the mname was too long and truncated by Suricata refresh integer retry integer rname string serial integer =============== ======= =============================================================== dns.answer.additionals (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ================ =========== Name Type Description ====== ================ =========== opt array of objects rdata string rrname string rrtype string ttl integer ====== ================ =========== dns.answer.additionals.opt (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ======= =========== Name Type Description ==== ======= =========== code integer data string ==== ======= =========== dns.additionals (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ================ =========== Name Type Description ====== ================ =========== opt array of objects rdata string rrname string rrtype string ttl integer ====== ================ =========== dns.additionals.opt (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ======= =========== Name Type Description ==== ======= =========== code integer data string ==== ======= =========== dnp3 (object) ^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== application object control object dst integer iin object request object response object src integer type string =========== ======= =========== dnp3.response (object) ^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== application object control object dst integer iin object src integer type string =========== ======= =========== dnp3.response.iin (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== indicators array of strings ========== ================ =========== dnp3.response.control (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ======= =========== Name Type Description ============= ======= =========== dir boolean fcb boolean fcv boolean function_code integer pri boolean ============= ======= =========== dnp3.response.application (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ================ =========== Name Type Description ============= ================ =========== complete boolean control object function_code integer objects array of objects ============= ================ =========== dnp3.response.application.objects (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ================ =========== Name Type Description =========== ================ =========== count integer group integer points array of objects prefix_code integer qualifier integer range_code integer start integer stop integer variation integer =========== ================ =========== dnp3.response.application.control (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== con boolean fin boolean fir boolean sequence integer uns boolean ======== ======= =========== dnp3.request (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ======= =========== Name Type Description =========== ======= =========== application object control object dst integer src integer type string =========== ======= =========== dnp3.request.control (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ======= =========== Name Type Description ============= ======= =========== dir boolean fcb boolean fcv boolean function_code integer pri boolean ============= ======= =========== dnp3.request.application (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ================ =========== Name Type Description ============= ================ =========== complete boolean control object function_code integer objects array of objects ============= ================ =========== dnp3.request.application.objects (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ================ =========== Name Type Description =========== ================ =========== count integer group integer points array of objects prefix_code integer qualifier integer range_code integer start integer stop integer variation integer =========== ================ =========== dnp3.request.application.control (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== con boolean fin boolean fir boolean sequence integer uns boolean ======== ======= =========== dnp3.iin (object) ^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ========== ================ =========== Name Type Description ========== ================ =========== indicators array of strings ========== ================ =========== dnp3.control (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ======= =========== Name Type Description ============= ======= =========== dir boolean fcb boolean fcv boolean function_code integer pri boolean ============= ======= =========== dnp3.application (object) ^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============= ================ =========== Name Type Description ============= ================ =========== complete boolean control object function_code integer objects array of objects ============= ================ =========== dnp3.application.objects (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 =========== ================ =========== Name Type Description =========== ================ =========== count integer group integer points array of objects prefix_code integer qualifier integer range_code integer start integer stop integer variation integer =========== ================ =========== dnp3.application.control (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ======== ======= =========== Name Type Description ======== ======= =========== con boolean fin boolean fir boolean sequence integer uns boolean ======== ======= =========== dhcp (object) ^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ======================= ================ =========== Name Type Description ======================= ================ =========== assigned_ip string client_id string client_ip string client_mac string dhcp_type string dns_servers array of strings hostname string id integer lease_time integer next_server_ip string params array of strings rebinding_time integer relay_ip string renewal_time integer requested_ip string routers array of strings subnet_mask string type string vendor_class_identifier string ======================= ================ =========== dcerpc (object) ^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ================ =========== Name Type Description ============ ================ =========== activityuuid string call_id integer interfaces array of objects req object request string res object response string rpc_version string seqnum integer ============ ================ =========== dcerpc.res (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== frag_cnt integer stub_data_size integer ============== ======= =========== dcerpc.req (object) ^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============== ======= =========== Name Type Description ============== ======= =========== frag_cnt integer opnum integer stub_data_size integer ============== ======= =========== dcerpc.interfaces (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========== ======= =========== Name Type Description ========== ======= =========== ack_result integer uuid string version string ========== ======= =========== bittorrent_dht (object) ^^^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ============== ====== =========== Name Type Description ============== ====== =========== client_version string error object request object request_type string response object transaction_id string ============== ====== =========== bittorrent_dht.response (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ====== ================ =========== Name Type Description ====== ================ =========== id string nodes array of objects nodes6 array of objects token string values array of objects ====== ================ =========== bittorrent_dht.response.nodes6 (array of objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ====== =========== Name Type Description ==== ====== =========== id string ip string port number ==== ====== =========== bittorrent_dht.request (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ======= =========== Name Type Description ============ ======= =========== id string implied_port integer info_hash string port integer target string token string ============ ======= =========== bittorrent_dht.error (object) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ======= =========== Name Type Description ==== ======= =========== msg string num integer ==== ======= =========== arp (object) ^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ========== ====== =========================================================== Name Type Description ========== ====== =========================================================== dest_ip string Logical address of the intended receiver dest_mac string Physical address of the intended receiver hw_type string Network link protocol type opcode string Specifies the operation that the sender is performing proto_type string Internetwork protocol for which the ARP request is intended src_ip string Logical address of the sender src_mac string Physical address of the sender ========== ====== =========================================================== anomaly (object) ^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ========= ======= =========== Name Type Description ========= ======= =========== app_proto string code integer event string layer string type string ========= ======= =========== alert (object) ^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ============ ================ ================================================================ Name Type Description ============ ================ ================================================================ action string category string context object Extra context data created by keywords such as dataset with JSON gid integer metadata object references array of strings rev integer rule string severity integer signature string signature_id integer source object target object xff string ============ ================ ================================================================ alert.target (object) ^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ==== ======= =========== Name Type Description ==== ======= =========== ip string port integer ==== ======= =========== alert.source (object) ^^^^^^^^^^^^^^^^^^^^^ .. 
table:: :width: 100% :widths: 30 25 45 ==== ======= =========== Name Type Description ==== ======= =========== ip string port integer ==== ======= =========== alert.metadata (object) ^^^^^^^^^^^^^^^^^^^^^^^ .. table:: :width: 100% :widths: 30 25 45 ================== ================ =========== Name Type Description ================== ================ =========== affected_product array of strings attack_target array of strings created_at array of strings deployment array of strings former_category array of strings malware_family array of strings policy array of strings signature_severity array of strings tag array of strings updated_at array of strings ================== ================ ===========