Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

userguide: document flow_id, with examples - v5 #9800

Closed
wants to merge 1 commit into from
Closed

userguide: document flow_id, with examples - v5 #9800

wants to merge 1 commit into from

Conversation

jufajardini
Copy link
Contributor

Flow_id explanation expanded from version shared by Peter Manev.

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6445

Previous PR: #9794

Changes from previous PR:

  • use a real ET Open rule for alert example
  • include source of pcap used, for reference
  • reword section beginning

Results: https://suri-rtd-test.readthedocs.io/en/doc-flow-id-v5/output/eve/eve-json-format.html#flow-id

@jufajardini
userguide: document flow_id, with examples
7db758c 
Flow_id explanation expanded from version shared by Peter Manev.

Task OISF#6445
@jufajardini jufajardini mentioned this pull request Nov 16, 2023
Closed
jufajardini
jufajardini commented Nov 16, 2023
View reviewed changes
doc/userguide/output/eve/eve-json-format.rst
Comment on lines +56 to +59
The ability to correlate any existing evidence/logs to an alert and/ or the
ability to correlate all logs belonging to a specific session/flow was
introduced in 2014 (see `commit f1185d051c21 <https://github.com/OISF/suricata/
commit/f1185d051c210ca0daacdddbe865a51af24f4ea3>`_).
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe better:
"The ability to correlate EVE logs belonging to a specific session/flow was introduced by..."
way more succinct, since we basically have already mentioned all the correllation that can be done in the previous paragraph...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it sounds better to me. It also removes existing, cause it can help correlate yet to be logged events as well.

@jufajardini jufajardini added the typo/doc update No code change : only doc or typo fixes label Nov 16, 2023
@jufajardini
Copy link
Contributor Author

New version, @pevma ^^

@codecov Codecov
Copy link

codecov bot commented Nov 16, 2023

Codecov Report

Merging #9800 (7db758c) into master (6bb882c) will decrease coverage by 0.09%.
Report is 1 commits behind head on master.
The diff coverage is n/a.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9800      +/-   ##
==========================================
- Coverage   82.45%   82.37%   -0.09%     
==========================================
  Files         968      968              
  Lines      273866   273866              
==========================================
- Hits       225825   225592     -233     
- Misses      48041    48274     +233
Flag Coverage Δ
fuzzcorpus 64.21% <ø> (-0.25%) ⬇️
suricata-verify 61.00% <ø> (-0.01%) ⬇️
unittests 62.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@jufajardini jufajardini mentioned this pull request Nov 16, 2023
Closed
@jufajardini
Copy link
Contributor Author

Replaced by: #9809

@jufajardini jufajardini deleted the doc-flow-id/v5 branch November 21, 2023 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish left review comments

Assignees
No one assigned
Labels
typo/doc update No code change : only doc or typo fixes
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jufajardini @jasonish