Is anyone else having issues finding expected meta from the HTTP_lua parser?
Particularly I'm concerned that the latest version of the parser may not be parsing out these pieces of meta <below> but there may be others:
http post no get
http suspicious 4 headers
http suspicious no cookie
I have the latest HTTP_lua parser deployed from Live, dated 2019-11-11 7:09 PM
For 'http post no get' testing I used this query <below> to identify sessions that match the scenario:
service = 80 && action = 'post' && ~(action='get')
However, when I look through those returned sessions I do not see expected meta for analysis.service='http post no get'
Thanks in advance,