Nemea framework is the heart of the Nemea system. It contains implementations of common communication interfaces, the UniRec data format, and useful data structures and algorithms.
Docs: Syntax of rules in Reporter config is not documented #216
I can't find any documentation of rules syntax in reporter configuration. The corresponding documentation section only states it is as "supported by Mentat filter (MFilter)" - which is wrong (the library is called pynspect) and there is no link.
Please, at least fix the name and add a link to pynspect documentation.
The other issue is that pynspect itself is not well documented, but you can't fix that.
Btw: The original issue I stumbled upon is a weird behavior of IP address matching. When I want to match Source.IP4 to a single IP address, this doesn't work:
Source.IP4 == "1.2.3.4"
If I write it this way, it suddenly works:
Source.IP4 in [ "1.2.3.4" ]
I know you probably can't fix that, but maybe it can be mentioned in the documentation as a known bug (or just unintuitive behaviour)?