alerts: display quic sni if available

src/elastic/eventrepo/alerts.rs

@@ -77,6 +77,7 @@ impl ElasticEventRepo {
                 "timestamp",
                 // So we can display the SNI in the alert list.
                 "tls.sni",
+                "quic.sni",
                 // So we can display the query name in the alert list.
                 "dns.query",
             ])

src/sqlite/eventrepo/alerts.rs

@@ -58,6 +58,7 @@ impl SqliteEventRepo {
             .selectjs("alert.action")
             .selectjs2("dns")
             .selectjs2("tls")
+            .selectjs2("quic")
             .selectjs("app_proto")
             .selectjs("dest_ip")
             .selectjs("src_ip")
@@ -173,6 +174,7 @@ impl SqliteEventRepo {
             let host: Option<String> = row.try_get("host").unwrap_or(None);
             let tls: serde_json::Value = row.try_get("tls").unwrap_or(serde_json::Value::Null);
             let dns: serde_json::Value = row.try_get("dns").unwrap_or(serde_json::Value::Null);
+            let quic: serde_json::Value = row.try_get("quic").unwrap_or(serde_json::Value::Null);
 
             if let Some(host) = host {
                 sensors.insert(host);
@@ -192,6 +194,7 @@ impl SqliteEventRepo {
                 },
                 "tls": tls,
                 "dns": dns,
+                "quic": quic,
             });
 
             let key = format!("{alert_signature_id}{src_ip}{dest_ip}");

webapp/src/Alerts.tsx

@@ -1052,6 +1052,11 @@ export function AlertDescription(props: { event: EventWrapper }) {
           {props.event._source.tls!.sni}
         </span>
       </Show>
+      <Show when={props.event._source.quic?.sni}>
+        <span class="badge text-bg-secondary me-2">
+          {props.event._source.quic!.sni}
+        </span>
+      </Show>
       <Show when={props.event._source.dns?.query}>
         <span class="badge text-bg-secondary me-2">
           {props.event._source.dns?.query![0].rrname}