logstash-codec-netflow 4.1.1 → 4.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 05072723b2f9f9f78b2fb55268ddca4e189e641f
-  data.tar.gz: 0316e6c3a82fd2ac4355ef1cd7ede8a73b2b2e28
+SHA256:
+  metadata.gz: 0c4da0b3f6075dcfb7e72dae660095da07004349759ff6670ecd26b1bac9e17c
+  data.tar.gz: d5696be43eae0d11854fdf9748c7747d0a1538f6d25bc66404db214e37be4067
 SHA512:
-  metadata.gz: 145c03e3407507b71affae3b337b0afe489e474816c33836d6d0df632ac7b840418257aa20d18df31621c2d9bd73b02bc7aa7d032191115bcf4a20e128754045
-  data.tar.gz: d8b4cb2f0305d9a5d0f07132c466125480a41518ba5925f29bf2401117abb27d58f51e7e49698da283db8c11c0667c4630eaece7fd01d1db37ce5d776b3ffb98
+  metadata.gz: 4daad3432b5f881cab2c934bc1d67e2fdf35dca8d286e6ffe2eea365b0ae37bfbc6fd3a797ed47f800fded7fa09e61f9b5b2b0d5bd63b718e4a74aa2089e011d
+  data.tar.gz: c79d87b13f094bcc064555d17a776c9eb755a705f23a9232379ad39820429048c8d910e1d14fa7d355e01d06ea92421428fdbf9874d00dce725e5aa362829c47

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 4.2.2
+  - Feat: leverage event_factory support [#195](https://github.com/logstash-plugins/logstash-codec-netflow/pull/195)
+  - Test: remove redundant asserts (to get the CI green)
+
+## 4.2.1
+
+  - Fix sub-second timestamp math
+
+## 4.2.0
+
+  - Added Cisco ACI to list of known working Netflow v9 exporters
+  - Added support for IXIA Packet Broker IPFIX
+  - Fixed issue with Procera float fields
+
+## 4.1.2
+
+  - Fixed issue where TTL in template registry was not being respected.
+
 ## 4.1.1
 
   - Reduced complexity of creating, persisting, loading an retrieving template caches.

data/CONTRIBUTORS

@@ -4,11 +4,13 @@ reports, or in general have helped logstash along its way.
 Contributors:
 * Aaron Mildenstein (untergeek)
 * Adam Kaminski (thimslugga)
+* Ana (janniten)
 * Andrew Cholakian (andrewvc)
 * Ayden Beeson (abeeson)
 * Bjørn Ruberg (bruberg)
 * Colin Surprenant (colinsurprenant)
 * Daniel Nägele (analogbyte)
+* Dan Hermann (danhermann)
 * Diyaldine Maoulida
 * Evgeniy Sudyr (ejectck)
 * G.J. Moed (gjmoed)
@@ -16,6 +18,7 @@ Contributors:
 * Jason Liu (JasonLZJ)
 * James Park-Watt (jimmypw)
 * Jason Keller (jasonkeller)
+* Jayme Johnston
 * Jeremy Foran (jeremyforan)
 * Jordan Sissel (jordansissel)
 * Jorrit Folmer (jorritfolmer)
@@ -27,6 +30,7 @@ Contributors:
 * Paul Warren (pwarren)
 * Pedro de Oliveira
 * Philipp Kahr
+* Philippe Veys
 * Pier-Hugues Pellerin (ph)
 * Pulkit Agrawal (propulkit)
 * Raju Nair (rajutech76)
@@ -50,7 +54,7 @@ Contributors:
 * zwirk
 
 Maintainer:
-* Jorrit Folmer (jorritfolmer)
+* -
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know

data/LICENSE

@@ -1,13 +1,202 @@
-Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
 
-    http://www.apache.org/licenses/LICENSE-2.0
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2020 Elastic and contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -1,6 +1,6 @@
 # Logstash Plugin
 
-[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-codec-netflow.svg)](https://travis-ci.org/logstash-plugins/logstash-codec-netflow)
+[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-codec-netflow.svg)](https://travis-ci.com/logstash-plugins/logstash-codec-netflow)
 
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 

data/docs/index.asciidoc

@@ -36,6 +36,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |===========================================================================================
 |Netflow exporter         | v5 | v9 | IPFIX | Remarks
 |Barracuda Firewall       |    |    |   y   | With support for Extended Uniflow
+|Cisco ACI                |    | y  |       |
 |Cisco ASA                |    | y  |       |  
 |Cisco ASR 1k             |    |    |   N   | Fails because of duplicate fields
 |Cisco ASR 9k             |    | y  |       |  
@@ -47,6 +48,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |Fortigate FortiOS        |    | y  |       |
 |Huawei Netstream         |    | y  |       |
 |ipt_NETFLOW              |  y | y  |   y   |
+|IXIA packet broker       |    |    |   y   |
 |Juniper MX               |  y |    |   y   | SW > 12.3R8. Fails to decode IPFIX from Junos 16.1 due to duplicate field names which we currently don't support.
 |Mikrotik                 |  y |    |   y   | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
 |nProbe                   |  y | y  |   y   | L7 DPI fields now also supported

data/lib/logstash/codecs/netflow.rb

@@ -5,9 +5,12 @@ require "logstash/timestamp"
 #require "logstash/json"
 require "json"
 
-# Documentation moved to docs/
+require 'logstash/plugin_mixins/event_support/event_factory_adapter'
 
 class LogStash::Codecs::Netflow < LogStash::Codecs::Base
+
+  include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
+
   config_name "netflow"
 
   # Netflow v9/v10 template cache TTL (minutes)
@@ -136,7 +139,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
         # convert these into absolute times
         millis = flowset.uptime - v
         seconds = flowset.unix_sec - (millis / 1000)
-        micros = (flowset.unix_nsec / 1000) - (millis % 1000)
+        micros = (flowset.unix_nsec / 1000) - ((millis % 1000) * 1000)
         if micros < 0
           seconds--
           micros += 1000000
@@ -147,7 +150,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
       end
     end
 
-    LogStash::Event.new(event)
+    event_factory.new_event(event)
   rescue BinData::ValidityError, IOError => e
     @logger.warn("Invalid netflow packet received (#{e})")
   end
@@ -262,14 +265,14 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
             millis = flowset.uptime - v
             seconds = flowset.unix_sec - (millis / 1000)
             # v9 did away with the nanosecs field
-            micros = 1000000 - (millis % 1000)
+            micros = 1000000 - ((millis % 1000) * 1000)
             event[@target][k.to_s] = LogStash::Timestamp.at(seconds, micros).to_iso8601
           else
             event[@target][k.to_s] = v.snapshot
           end
         end
 
-        events << LogStash::Event.new(event)
+        events << event_factory.new_event(event)
         flowcounter += 1
       end
     else
@@ -355,7 +358,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
           end
         end
 
-        events << LogStash::Event.new(event)
+        events << event_factory.new_event(event)
       end
     else
       @logger.warn("Unsupported flowset id #{record.flowset_id}")
@@ -605,8 +608,8 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
       catch(:invalid_template) do
         yield(template) if block_given?
 
-        @bindata_spec_cache[key] = field_tuples
-        @bindata_struct_cache[key] = template
+        @bindata_spec_cache[key, @ttl] = field_tuples
+        @bindata_struct_cache[key, @ttl] = template
 
         do_persist
 

data/lib/logstash/codecs/netflow/ipfix.yaml

@@ -2453,37 +2453,34 @@
 6876:
   880:
   - :uint8
-  - :vmwareUnknown880
+  - :vmwareTenantProtocol
   881:
-  - :uint32
-  - :vmwareUnknown881
+  - :ip4_addr
+  - :vmwareTenantSourceIPv4
   882:
-  - :uint32
-  - :vmwareUnknown882
+  - :ip4_addr
+  - :vmwareTenantDestIPv4
   883:
-  - :string
-  - :vmwareUnknown883
+  - :ip6_addr
+  - :vmwareTenantSourceIPv6
   884:
-  - :string
-  - :vmwareUnknown884
+  - :ip6_addr
+  - :vmwareTenantDestIPv6
   886:
   - :uint16
-  - :vmwareUnknown886
+  - :vmwareTenantSourcePort
   887:
   - :uint16
-  - :vmwareUnknown887
+  - :vmwareTenantDestPort
   888:
   - :uint16
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareEgressInterfaceTypeID
+  - :vmwareEgressInterfaceAttr
   889:
   - :uint8
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareObservationDomainID
+  - :vmwareVxlanExportRole
   890:
   - :uint16
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareIngressInterfaceTypeID
+  - :vmwareIngressInterfaceAttr
 29305:
   1:
   - :uint64
@@ -3634,8 +3631,7 @@
   4321:
   - :uint64
   - :viptelaVPNId
-# List below taken from Procera PacketLogic product guide 15.1 - Not publicly available AFAIK
-# Further updates / additional fields may be present with versions 16/17+
+# List below taken from Procera PacketLogic product guide 15.1 and 20.30 - Not publicly available
 15397:
   1:
   - :string
@@ -3743,16 +3739,16 @@
   - :string
   - :proceraGgsn
   38:
-  - :float32
+  - :float
   - :proceraQoeIncomingInternal
   39:
-  - :float32
+  - :float
   - :proceraQoeIncomingExternal
   40:
-  - :float32
+  - :float
   - :proceraQoeOutgoingInternal
   41:
-  - :float32
+  - :float
   - :proceraQoeOutgoingExternal
   42:
   - :ip4_addr
@@ -3772,6 +3768,69 @@
   47:
   - :string
   - :proceraTemplateName
+  49:
+  - :uint8
+  - :proceraIncomingDscp
+  50:
+  - :uint8
+  - :proceraOutgoingDscp
+  51:
+  - :uint16
+  - :proceraIncomingDot1qVlanIdLevel1
+  52:
+  - :uint16
+  - :proceraIncomingDot1qVlanIdLevel2
+  53:
+  - :uint16
+  - :proceraIncomingDot1qVlanIdLevel3
+  54:
+  - :uint16
+  - :proceraIncomingDot1qVlanIdLevel4
+  55:
+  - :uint16
+  - :proceraOutgoingDot1qVlanIdLevel1
+  56:
+  - :uint16
+  - :proceraOutgoingDot1qVlanIdLevel2
+  57:
+  - :uint16
+  - :proceraOutgoingDot1qVlanIdLevel3
+  58:
+  - :uint16
+  - :proceraOutgoingDot1qVlanIdLevel4
+  59:
+  - :int8
+  - :proceraIncomingDot1qPriorityLevel1
+  60:
+  - :int8
+  - :proceraIncomingDot1qPriorityLevel2
+  61:
+  - :int8
+  - :proceraIncomingDot1qPriorityLevel3
+  62:
+  - :int8
+  - :proceraIncomingDot1qPriorityLevel4
+  63:
+  - :int8
+  - :proceraOutgoingDot1qPriorityLevel1
+  64:
+  - :int8
+  - :proceraOutgoingDot1qPriorityLevel2
+  65:
+  - :int8
+  - :proceraOutgoingDot1qPriorityLevel3
+  66:
+  - :int8
+  - :proceraOutgoingDot1qPriorityLevel4
+  67:
+  - :int32
+  - :proceraInternalJitter
+  69:
+  - :string
+  - :proceraServiceObject
+  70:
+  - :string
+  - :proceraRemoteGeoIP
 10704:
   1:
   - :uint32
@@ -3846,3 +3905,122 @@
   12:
   - :uint32
   - :AuditCounter
+# Ixia Communications (3054)
+3054:
+  110:
+  - :uint32
+  - :ixiaL7AppId
+  111:
+  - :string
+  - :ixiaL7AppName
+  120:
+  - :string
+  - :ixiaSrcCountryCode
+  121:
+  - :string
+  - :ixiaSrcCountryName
+  122:
+  - :string
+  - :ixiaSrcRegionCode
+  123:
+  - :string
+  - :ixiaSrcRegionName
+  125:
+  - :string
+  - :ixiaSrcCityName
+  126:
+  - :float
+  - :ixiaSrcLatitude
+  127:
+  - :float
+  - :ixiaSrcLongitude
+  140:
+  - :string
+  - :ixiaDstCountryCode
+  141:
+  - :string
+  - :ixiaDstCountryName
+  142:
+  - :string
+  - :ixiaDstRegionCode
+  143:
+  - :string
+  - :ixiaDstRegionNode
+  145:
+  - :string
+  - :ixiaDstCityName
+  146:
+  - :float
+  - :ixiaDstLatitude
+  147:
+  - :float
+  - :ixiaDstLongitude
+  160:
+  - :uint8
+  - :ixiaDeviceId
+  161:
+  - :string
+  - :ixiaDeviceName
+  162:
+  - :uint8
+  - :ixiaBrowserId
+  163:
+  - :string
+  - :ixiaBrowserName
+  176:
+  - :uint64
+  - :ixiaRevOctetDeltaCount
+  177:
+  - :uint64
+  - :ixiaRevPacketDeltaCount
+  178:
+  - :string
+  - :ixiaEncryptType
+  179:
+  - :string
+  - :ixiaEncryptCipher
+  180:
+  - :uint16
+  - :ixiaEncryptKeyLength
+  181:
+  - :string
+  - :ixiaImsiSubscriber
+  182:
+  - :string
+  - :ixiaHttpUserAgent
+  183:
+  - :string
+  - :ixiaHttpHostName
+  184:
+  - :string
+  - :ixiaHttpUri
+  185:
+  - :string
+  - :ixiaDnsRecordTxt
+  186:
+  - :string
+  - :ixiaSrcAsName
+  187:
+  - :string
+  - :ixiaDstAsName
+  188:
+  - :uint32
+  - :ixiaLatency
+  189:
+  - :string
+  - :ixiaDnsQuery
+  190:
+  - :string
+  - :ixiaDnsAnswer
+  191:
+  - :string
+  - :ixiaDnsClasses
+  192:
+  - :string
+  - :ixiaThreatType
+  193:
+  - :ip4_addr
+  - :ixiaThreatIPv4
+  194:
+  - :ip4_addr
+  - :ixiaThreatIPv6