Project

General

Profile

Actions
Copy link

Feature #7532

open

detect: add keywords for LDAPResult

Added by Alice da Silva Akaki 22 days ago. Updated 2 days ago.

Status:
In Review
Priority:
High
Assignee:
Alice da Silva Akaki
Target version:
8.0.0
Effort:
Difficulty:
Label:

Description

Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum

Add keyword ldap.responses.message to match on the LDAPResult field errorMessage which is an octet string

Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message

Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7452: ldap: add keywords to match outputNewAlice da Silva AkakiActions
Actions
Copy link

Also available in: Atom PDF