Feature #7532
opendetect: add keywords for LDAPResult
Description
Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode, which is an enum.
Add keyword ldap.responses.message to match on the LDAPResult field errorMessage, which is an octet string.
Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message
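Added example, not part of the ticket or of Suricata's code: a Python walk over the EVE paths listed above that collects every LDAPResult across the eight response operations and reports the ones that did not succeed. The function names, the sample records and the result_code strings (including "success" as the success value) are assumptions made for illustration.

```python
import json

# Response operations taken from the EVE field list in this ticket.
RESPONSE_OPS = (
    "bind_response", "search_result_done", "modify_response", "add_response",
    "del_response", "mod_dn_response", "compare_response", "extended_response",
)

def iter_ldap_results(event):
    """Yield (operation, result_code, message) for each LDAPResult in one EVE record."""
    ldap = event.get("ldap") if isinstance(event, dict) else None
    responses = ldap.get("responses") if isinstance(ldap, dict) else None
    for resp in responses if isinstance(responses, list) else []:
        if not isinstance(resp, dict):
            continue
        for op in RESPONSE_OPS:
            body = resp.get(op)
            if isinstance(body, dict) and "result_code" in body:
                # message is treated as optional and defaults to an empty string
                yield op, body["result_code"], body.get("message", "")

def non_success(lines, ok="success"):
    """Return (src_ip, operation, result_code, message) where result_code != ok."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or partially written lines
        src = event.get("src_ip") if isinstance(event, dict) else None
        for op, code, msg in iter_ldap_results(event):
            if code != ok:
                hits.append((src, op, code, msg))
    return hits

# Constructed sample records (not captured traffic); result_code strings are assumed.
SAMPLE_EVE = [
    '{"event_type":"ldap","src_ip":"192.0.2.10","ldap":{"responses":[{"bind_response":{"result_code":"success","message":""}}]}}',
    '{"event_type":"ldap","src_ip":"192.0.2.10","ldap":{"responses":[{"bind_response":{"result_code":"invalid_credentials","message":"constructed: bad password"}}]}}',
    '{"event_type":"ldap","src_ip":"192.0.2.11","ldap":{"responses":[{"search_result_done":{"result_code":"success"}},{"del_response":{"result_code":"insufficient_access_rights"}}]}}',
    '{"event_type":"dns","src_ip":"192.0.2.12"}',
    '{"event_type":"ldap","src_ip":"192.0.2.13","ldap":{"resp',
]

if __name__ == "__main__":
    for hit in non_success(SAMPLE_EVE):
        print(hit)
```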
Updated by Philippe Antoine 20 days ago
- Blocks Task #7452: ldap: add keywords to match output added
Updated by Philippe Antoine 20 days ago
There is no ldap.request.result_code, it is only in responses, right?
Updated by Alice da Silva Akaki 19 days ago
Philippe Antoine wrote in #note-3:
There is no ldap.request.result_code, it is only in responses, right?
Yes, it is fixed now.
Updated by Alice da Silva Akaki 11 days ago
- Status changed from New to In Progress
PRs for review:
SU: https://github.com/OISF/suricata/pull/12555
SV: https://github.com/OISF/suricata-verify/pull/2282
Updated by Philippe Antoine 6 days ago
- Status changed from In Progress to In Review