pcap-metadata: add capture/file attributes, hashes, metrics, and bump version by adulau · Pull Request #514 · MISP/misp-objects

adulau · 2026-04-11T08:58:09Z

Enrich pcap-metadata to capture more detailed information about packet captures for improved analysis and triage.
Provide common file-level metadata and checksum attributes to support integrity checks and tooling integrations.
Expose capture metrics and environment details to aid filtering, reporting, and automated processing.

Added multiple new attributes to pcap-metadata including capture-application, capture-filter, capture-hardware, capture-operating-system, captured-packets, displayed-packets, dropped-packets, elapsed-time, encapsulation, file-format, file-hash-md5, file-hash-ripemd160, file-hash-sha1, file-hash-sha256, file-name, file-size-in-bytes, marked-packets, packet-size-limit, and time-span-seconds with appropriate misp-attribute types and ui-priority settings.
Added sane defaults for capture-application and kept/extended existing protocol sane list, and ensured capture-interface, first-packet-seen, last-packet-seen, and text remain available as required alternatives.
Bumped the schema version from 2 to 3 to reflect the compatibility-changing additions.

Ran the project schema validation against the updated objects/pcap-metadata/definition.json and it succeeded.
Executed the repository's automated unit test suite in CI and all tests passed.

add sane defaults for capture-application in pcap-metadata

34ee746

adulau added the codex label Apr 11, 2026 — with ChatGPT Codex Connector

adulau merged commit 2d2dab3 into main Apr 11, 2026
7 checks passed

Provide feedback