So that we can write enip.revision: 0x203
Ticket: 3958
- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts string enumeration as values.
- add enip.status keyword
- add keywords:
  enip.product_name, enip.protocol_version, enip.revision,
  enip.identity_status, enip.state, enip.serial, enip.product_code,
  enip.device_type, enip.vendor_id, enip.capabilities,
  enip.cip_attribute, enip.cip_class, enip.cip_instance,
  enip.cip_status, enip.cip_extendedstatus
Codecov Report
Attention:
Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10083      +/-   ##
==========================================
- Coverage   82.19%   81.60%   -0.60%
==========================================
  Files         975      994      +19
  Lines      271940   274306    +2366
==========================================
+ Hits       223523   223834     +311
- Misses      48417    50472    +2055

Flags with carried forward coverage won't be shown.
Yeah, please add tickets for those detect improvements. Will also need doc and SV updates. Might be good to break it out into its own PR.
Information: QA ran without warnings. Pipeline 17169
Tracking ticket https://redmine.openinfosecfoundation.org/issues/6644
jufajardini left a comment
Doc changes look good to me! Do I understand correctly that many of the new enip keywords descriptions can later on be updated, once #10122 gets merged?
Correct indeed
Replaced by #10178
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3958
Describe changes:
Along the way, also
#10072 with rust style improved as suggested per Jason
OISF/suricata-verify#1521
Does the first commit deserve its own redmine ticket?
And the one in 4a49352 also?