
detect-flowbits: adding details for flowbits
hadiqaalamdar committed Oct 24, 2023
1 parent 2fe2d82 commit d326c89
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions src/detect-engine-analyzer.c
Expand Up @@ -45,6 +45,7 @@
#include "util-time.h"
#include "util-validate.h"
#include "util-conf.h"
#include "detect-flowbits.h"

static int rule_warnings_only = 0;

Expand Down Expand Up @@ -861,6 +862,38 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
jb_close(js);
break;
}
case DETECT_FLOWBITS: {
const DetectFlowbitsData *cd = (const DetectFlowbitsData *)smd->ctx;

jb_open_object(js, "flowbits");
jb_set_uint(js, "idx", cd->idx);
jb_set_uint(js, "or_list_size", cd->or_list_size);
jb_set_uint(js, "or_list", cd->or_list);
if (cd->or_list_size > 0)
jb_set_string(js, "name", cd->or_list[cd->idx]);
switch (cd->cmd) {
case DETECT_FLOWBITS_CMD_NOALERT:
jb_set_string(js, "cmd", "noalert");
break;
case DETECT_FLOWBITS_CMD_ISSET:
jb_set_string(js, "cmd", "isset");
break;
case DETECT_FLOWBITS_CMD_ISNOTSET:
jb_set_string(js, "cmd", "isnotset");
break;
case DETECT_FLOWBITS_CMD_SET:
jb_set_string(js, "cmd", "set");
break;
case DETECT_FLOWBITS_CMD_UNSET:
jb_set_string(js, "cmd", "unset");
break;
case DETECT_FLOWBITS_CMD_TOGGLE:
jb_set_string(js, "cmd", "toggle");
break;
}
jb_close(js);
break;
}
}
jb_close(js);

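Review bot: `jb_set_uint(js, "or_list", cd->or_list)` and `jb_set_string(js, "name", cd->or_list[cd->idx])` in the new DETECT_FLOWBITS case disagree about what `or_list` is — the first emits the pointer value itself as an integer (a raw heap address in analyzer output, meaningless to the reader and an address disclosure in a file that gets shared), while the second indexes it by `cd->idx`, which is the flowbit's id rather than a position in the list, so the guard `cd->or_list_size > 0` does not bound that read. If `or_list` is an array of flowbit ids, as its use beside `idx` suggests (its definition is in detect-flowbits.h, outside this diff), its elements are not C strings either, and `jb_set_string` on one is a type mismatch that should not compile cleanly. I would drop both lines and emit the list as a JSON array bounded by `or_list_size`, leaving a human-readable name to a later change that resolves ids through the flowbit name store; the `switch (cd->cmd)` would also benefit from a `default:` that records an unknown command instead of silently omitting the "cmd" key. DumpMatches begins and ends outside this hunk.

```c
case DETECT_FLOWBITS: {
    const DetectFlowbitsData *cd = (const DetectFlowbitsData *)smd->ctx;

    jb_open_object(js, "flowbits");
    jb_set_uint(js, "idx", cd->idx);
    /* or_list holds flowbit ids, not strings; emit them as an array
     * bounded by or_list_size rather than indexing the list with idx. */
    if (cd->or_list_size > 0) {
        jb_open_array(js, "or_list");
        for (unsigned int i = 0; i < cd->or_list_size; i++) {
            jb_append_uint(js, cd->or_list[i]);
        }
        jb_close(js);
    }
    switch (cd->cmd) {
        /* … unchanged: noalert/isset/isnotset/set/unset/toggle cases … */
        default:
            jb_set_string(js, "cmd", "unknown");
            break;
    }
    jb_close(js);
    break;
}
```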
