Feature #7471
Task #7452 (open): ldap: add keywords to match output
detect/ldap: add ldap.distinguished_name keywords for request and response
Description
Which is a buffer
We should also investigate if pub struct LdapDN(pub String); is right, because this means we only accept valid UTF-8 strings when LDAP may accept an arbitrary ASCII buffer.
Eve fields to match:
ldap.request.bind_request.name
ldap.request.add_request.entry
ldap.request.search_request.base_object
ldap.request.modify_request.object
ldap.request.del_request.dn
ldap.request.mod_dn_request.entry
ldap.request.compare_request.entry
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn
Updated by Juliana Fajardini Reichow 2 months ago
- Tracker changed from Task to Feature
Updated by Philippe Antoine 2 months ago
Should we restrict to the bind operation, or have all operations but look for all LDAPDN?
Updated by Philippe Antoine 29 days ago
- Subject changed from detect/ldap: add ldap.bind.name keyword to detect/ldap: add ldap.distinguished_name keyword
Updated by Alice da Silva Akaki 21 days ago
Implement keyword for both directions: ldap.request.distinguished_name and ldap.responses.distinguished_name
Updated by Philippe Antoine 19 days ago
- Subject changed from detect/ldap: add ldap.distinguished_name keyword to detect/ldap: add ldap.distinguished_name keywords for request and response
Updated by Philippe Antoine 19 days ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine 19 days ago
Could you please tell the JSON fields it maps to?
Updated by Philippe Antoine 17 days ago
- Status changed from New to In Progress
Updated by Philippe Antoine 9 days ago
- Status changed from In Progress to In Review
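
As an added example (not part of the ticket or of Suricata's code), the Python below collects the DN values from one EVE record using the field paths listed under "Eve fields to match", split into request side and response side to mirror the two keywords discussed above. The helper names and the sample record are constructed for illustration, and which fields each keyword actually inspects is an assumption taken from that list.

```python
import json

# Operation -> DN member, copied from the ticket's "Eve fields to match" list.
REQUEST_DN_FIELDS = {
    "bind_request": "name", "add_request": "entry",
    "search_request": "base_object", "modify_request": "object",
    "del_request": "dn", "mod_dn_request": "entry",
    "compare_request": "entry",
}
RESPONSE_DN_FIELDS = {
    "search_result_entry": "base_object", "bind_response": "matched_dn",
    "search_result_done": "matched_dn", "modify_response": "matched_dn",
    "add_response": "matched_dn", "del_response": "matched_dn",
    "mod_dn_response": "matched_dn", "compare_response": "matched_dn",
    "extended_response": "matched_dn",
}

def _collect(obj, fields):
    """Return the DN strings present in one request or response object."""
    if not isinstance(obj, dict):
        return []
    found = []
    for operation, member in fields.items():
        body = obj.get(operation)
        if isinstance(body, dict) and isinstance(body.get(member), str):
            found.append(body[member])  # empty DNs are kept as-is
    return found

def extract_dns(eve_line):
    """Split one EVE JSON line into request-side and response-side DNs."""
    ldap = json.loads(eve_line).get("ldap")
    if not isinstance(ldap, dict):
        return {"request": [], "responses": []}
    responses = ldap.get("responses")
    if not isinstance(responses, list):
        responses = []
    return {
        "request": _collect(ldap.get("request"), REQUEST_DN_FIELDS),
        "responses": [dn for r in responses
                      for dn in _collect(r, RESPONSE_DN_FIELDS)],
    }

# Constructed sample record: only the members named in the ticket are shown.
SAMPLE = json.dumps({"event_type": "ldap", "ldap": {
    "request": {"search_request": {"base_object": "dc=example,dc=com"}},
    "responses": [
        {"search_result_entry": {"base_object": "cn=admin,dc=example,dc=com"}},
        {"search_result_done": {"matched_dn": ""}},
    ]}})

if __name__ == "__main__":
    print(extract_dns(SAMPLE))
```

Running it over a saved eve.json, one line at a time, gives a quick offline view of the DN values a rule on either direction would have to match.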