[Oisf-users] ryu and json dicts

Priyatham Ganta gantapritham4 at gmail.com
Thu Dec 5 04:31:19 UTC 2019


Hi Erik,

Can you give more details on this parser and any URL on how to use it?

Thanks


On Tue, 3 Dec 2019 at 04:08, erik clark <philosnef at gmail.com> wrote:

> Phone message, sorry for spam. If you are talking about ryu from openflow,
> looks like it already has a from_jsondict option. Nearly everything has a
> JSON parser nowadays.
>
>
>
> On Tue, Dec 3, 2019, 7:00 AM <
> oisf-users-request at lists.openinfosecfoundation.org> wrote:
>
>> Send Oisf-users mailing list submissions to
>>         oisf-users at lists.openinfosecfoundation.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> or, via email, send a message with subject or body 'help' to
>>         oisf-users-request at lists.openinfosecfoundation.org
>>
>> You can reach the person managing the list at
>>         oisf-users-owner at lists.openinfosecfoundation.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Oisf-users digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: Question on eve.json file (Jason Ish)
>>    2. Suricata-Ryu integration (Priyatham Ganta)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 2 Dec 2019 12:53:19 -0600
>> From: Jason Ish <jason.ish at oisf.net>
>> To: oisf-users at lists.openinfosecfoundation.org
>> Subject: Re: [Oisf-users] Question on eve.json file
>> Message-ID: <01e689d1-5ffb-3e59-34b0-48a53c3c5a1a at oisf.net>
>> Content-Type: text/plain; charset=utf-8
>>
>> Hi Leonard,
>>
>> On 2019-12-01 10:38 p.m., Leonard Jacobs wrote:
>> > I have noticed that several log items are nested under alert.  In
>> > particular, signature and action are nested under alert.  Is there a way
>> > to not have those log items nested under alert with eve.json file?
>>
>> No, there is not a way to do this with Suricata. Post-processing tools
>> like Logstash could likely be configured to make the transformation
>> though.
>>
>> Eve is a generic format with mostly generic event parameters at the top
>> level. Anything event_type specific is placed under the object for that
>> event_type.
>>
>> Jason
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 2 Dec 2019 15:47:22 -0800
>> From: Priyatham Ganta <gantapritham4 at gmail.com>
>> To: oisf-users at lists.openinfosecfoundation.org
>> Subject: [Oisf-users] Suricata-Ryu integration
>> Message-ID:
>>         <CABXPuZ93NVx8sd3=
>> yktw2wgH--973G60COXztvqPFL_g7T233g at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hi,
>>
>> I want to integrate Suricata with the Ryu controller and I checked that
>> there is no built-in library for Suricata in the Ryu controller.
>>
>> I was thinking if I can convert Suricata messages to Snort messages and use
>> the same library or I want to know if there is any other way I can
>> integrate Suricata with the Ryu controller to parse the alerts generated by
>> Suricata.
>>
>> Thanks