Project

General

Profile

Actions

Feature #7532

closed

detect/ldap: add keywords for LDAPResult

Added by Alice da Silva Akaki 2 months ago. Updated 23 days ago.

Status:
Closed
Priority:
High
Target version:
Effort:
Difficulty:
Label:

Description

Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum

Add keyword ldap.responses.message to match on the LDAPResult field errorMessage which is an octet string

Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message


Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7452: ldap: add keywords to match outputIn ProgressAlice da Silva AkakiActions
Actions #1

Updated by Alice da Silva Akaki 2 months ago

  • Description updated (diff)
Actions #2

Updated by Philippe Antoine 2 months ago

  • Blocks Task #7452: ldap: add keywords to match output added
Actions #3

Updated by Philippe Antoine 2 months ago

There is no ldap.request.result_code it is only in responses right ?

Actions #4

Updated by Alice da Silva Akaki about 2 months ago

  • Description updated (diff)
Actions #5

Updated by Alice da Silva Akaki about 2 months ago

Philippe Antoine wrote in #note-3:

There is no ldap.request.result_code it is only in responses right ?

yes, it is fixed now

Actions #7

Updated by Philippe Antoine about 2 months ago

  • Status changed from In Progress to In Review
Actions #8

Updated by Alice da Silva Akaki about 1 month ago

  • Description updated (diff)
Actions #9

Updated by Alice da Silva Akaki about 1 month ago

  • Subject changed from detect: add keywords for LDAPResult to detect/ldap: add keywords for LDAPResult
Actions #10

Updated by Philippe Antoine 30 days ago

  • Target version changed from 8.0.0 to 8.0.0-beta1
Actions #11

Updated by Alice da Silva Akaki 23 days ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF