chg: [format] new meta type to extend d4 type via type 2
Signed-off: jl Signed-off: aurelien Signed-off: adulaumaster
parent 1b242e9452
commit 630c083bd9
|
@ -13,7 +13,7 @@
|
||||||
| hmac | uint 256 | Header authentication (HMAC-SHA-256-128) |
|
| hmac | uint 256 | Header authentication (HMAC-SHA-256-128) |
|
||||||
| size | uint 32 | Payload size |
|
| size | uint 32 | Payload size |
|
||||||
|
|
||||||
## Type
|
## Types
|
||||||
|
|
||||||
The type is the list of format encapsulated within the D4 protocol.
|
The type is the list of format encapsulated within the D4 protocol.
|
||||||
|
|
||||||
|
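Review bot: The heading rename to "## Types" leaves the sentence directly under it in the singular ("The type is the list of format encapsulated within the D4 protocol."), so the heading and its description no longer agree. Consider rewording that sentence in the same change, for example "The types are the formats encapsulated within the D4 protocol." On renderers that derive anchors from heading text, the rename also changes the section anchor, so any existing links to the old heading should be checked.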
@ -27,6 +27,34 @@ The type is the list of format encapsulated within the D4 protocol.
|
||||||
| 5 | pcapng (diagnostic) |
|
| 5 | pcapng (diagnostic) |
|
||||||
| 6 | generic NDJSON or JSON Lines |
|
| 6 | generic NDJSON or JSON Lines |
|
||||||
| 7 | generic [YAF](https://tools.netsa.cert.org/yaf/index.html) (Yet Another Flowmeter)|
|
| 7 | generic [YAF](https://tools.netsa.cert.org/yaf/index.html) (Yet Another Flowmeter)|
|
||||||
|
| 254 | type defined by meta header (type 2) |
|
||||||
|
|
||||||
The D4 type list is [available in JSON format](https://raw.githubusercontent.com/D4-project/architecture/master/format/type.json).
|
The D4 type list is [available in JSON format](https://raw.githubusercontent.com/D4-project/architecture/master/format/type.json).
|
||||||
|
|
||||||
|
## Meta types (via meta header)
|
||||||
|
|
||||||
|
Sample meta type JSON
|
||||||
|
|
||||||
|
~~~~json
|
||||||
|
{
|
||||||
|
"type": "1337",
|
||||||
|
"encoding": "utf-8",
|
||||||
|
"tags": [
|
||||||
|
"tlp:white"
|
||||||
|
],
|
||||||
|
"misp:org": "5b642239-4db4-4580-adf4-4ebd950d210f"
|
||||||
|
}
|
||||||
|
~~~~
|
||||||
|
|
||||||
|
|Type| Description |
|
||||||
|
|----|:-----------------------------------|
|
||||||
|
| 0 | Reserved |
|
||||||
|
| 1 | pcap (libpcap 2.4) |
|
||||||
|
| 2 | Reserved |
|
||||||
|
| 3 | generic log line |
|
||||||
|
| 4 | [dnscap](https://github.com/DNS-OARC/dnscap) output |
|
||||||
|
| 5 | pcapng (diagnostic) |
|
||||||
|
| 6 | generic NDJSON or JSON Lines |
|
||||||
|
| 7 | generic [YAF](https://tools.netsa.cert.org/yaf/index.html) (Yet Another Flowmeter)|
|
||||||
|
| 254 | Reserved |
|
||||||
|
| 1337 | ja3-jl |
|
||||||
|
|
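Review bot: The added "Meta types (via meta header)" section does not say how its number space relates to the main type table. It repeats types 0 to 7, marks both 2 and 254 as Reserved, and adds 1337, while the main table now describes 254 as "type defined by meta header (type 2)". A sentence stating how a receiver goes from header type 254 and the type 2 meta header to the meta type would remove the ambiguity. The sample JSON gives "type": "1337" as a quoted string while both tables list types as integers, so the text should state which form is expected and which of "encoding", "tags" and "misp:org" are mandatory. The "1337 | ja3-jl" row has no description or link, unlike the dnscap and YAF rows. The linked type.json is not touched by the lines shown here. If it is meant to mirror the table, it needs the 254 entry as well.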