Project

General

Profile

Actions
Copy link

Feature #7532

closed

detect/ldap: add keywords for LDAPResult

Added by Alice da Silva Akaki 3 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
High
Assignee:
Alice da Silva Akaki
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum

Add keyword ldap.responses.message to match on the LDAPResult field errorMessage which is an octet string

Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message

Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7452: ldap: add keywords to match outputIn ProgressAlice da Silva AkakiActions
Actions
Copy link

Also available in: Atom PDF