Feature #7532
closeddetect/ldap: add keywords for LDAPResult
Description
Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum
Add keyword ldap.responses.message to match on the LDAPResult field errorMessage which is an octet string
Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message
Updated by Philippe Antoine 3 months ago
- Blocks Task #7452: ldap: add keywords to match output added
Updated by Philippe Antoine 3 months ago
There is no ldap.request.result_code it is only in responses right ?
Updated by Alice da Silva Akaki 3 months ago
Philippe Antoine wrote in #note-3:
There is no ldap.request.result_code it is only in responses right ?
yes, it is fixed now
Updated by Alice da Silva Akaki 2 months ago
- Status changed from New to In Progress
PRs for review:
SU: https://github.com/OISF/suricata/pull/12555
SV: https://github.com/OISF/suricata-verify/pull/2282
Updated by Philippe Antoine 2 months ago
- Status changed from In Progress to In Review
Updated by Alice da Silva Akaki 2 months ago
- Subject changed from detect: add keywords for LDAPResult to detect/ldap: add keywords for LDAPResult
Updated by Philippe Antoine about 2 months ago
- Target version changed from 8.0.0 to 8.0.0-beta1
Updated by Alice da Silva Akaki about 2 months ago
- Status changed from In Review to Closed