Project

General

Profile

Actions

Feature #4175

open

dcerpc: higher level logging

Added by Victor Julien about 4 years ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

At the 2020 brainstorm it was suggested that the DCERPC logging would support a higher level logging, as both dcerpc and smb can be very verbose. Zeek was mentioned as an example to look at. Concern was that it might hide evasion attempts.

A good start would be to get some examples.


Related issues 3 (2 open1 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #5413: DCERPC logging is not easy to use in analysisClosedEric LeblondActions
Related to Suricata - Feature #4213: smb: higher level loggingNewOISF DevActions
Actions #1

Updated by Victor Julien about 4 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added
Actions #2

Updated by Victor Julien over 2 years ago

  • Related to Feature #5413: DCERPC logging is not easy to use in analysis added
Actions #3

Updated by Jason Ish 7 months ago

Actions

Also available in: Atom PDF