You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "Casey Stella (JIRA)" <ji...@apache.org> on 2016/10/06 18:13:21 UTC

[jira] [Created] (METRON-488) Snort should use a proper CSV implementation

Casey Stella created METRON-488:
-----------------------------------

             Summary: Snort should use a proper CSV implementation
                 Key: METRON-488
                 URL: https://issues.apache.org/jira/browse/METRON-488
             Project: Metron
          Issue Type: Bug
            Reporter: Casey Stella
            Assignee: Casey Stella


Right now if you have a custom snort rule (e.g. alert tcp any any -> any any (msg:'snort alert message having a ,(comma) to check csv parsing'; sid:999158; ) ) the snort parser will fail to parse because it's splitting on the comma naively.

It should use the existing CSV parsing infrastructure that we have and that is used in the CSVParser.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)