Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decoder Inconsistencies - proto versus protocol #877

Closed
jonahseeabear opened this issue Apr 8, 2024 · 1 comment
Closed

Decoder Inconsistencies - proto versus protocol #877

jonahseeabear opened this issue Apr 8, 2024 · 1 comment

Comments

@jonahseeabear
Copy link

jonahseeabear commented Apr 8, 2024
edited

Hi all!

I noticed some inconsistencies in normalization for decoding "protocol" from logs, especially with networking logs.

The majority of decoders associate "protocol" with the literal "protocol" field. Other decoders (specifically fortigate, sonicwall, and others) decode the protocol into the "proto" field.

For normalization, is it appropriate to modify the decoder fields for consistency among other decoders?

I have applied this change to a local decoder and verified the field is corrected.

Github filter search for "proto":
Proto Search

Github filter search for "protocol":
Protocol Search
@jonahseeabear jonahseeabear closed this as not planned Won't fix, can't repro, duplicate, stale Apr 8, 2024
@jonahseeabear
Copy link
Author

Migrated to Wazuh main repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonahseeabear