Feature #4175: dcerpc: higher level logging - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4175

open

dcerpc: higher level logging

Added by Victor Julien over 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

Difficulty:

Label:

Description

At the 2020 brainstorm it was suggested that the DCERPC logging would support a higher level logging, as both dcerpc and smb can be very verbose. Zeek was mentioned as an example to look at. Concern was that it might hide evasion attempts.

A good start would be to get some examples.

Related issues 2 (1 open — 1 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

	Related to Suricata - Task #4097: Suricon 2020 brainstorm	Assigned	Victor Julien				Actions
	Related to Suricata - Feature #5413: DCERPC logging is not easy to use in analysis	Closed	Eric Leblond				Actions

Project

General

Profile

Suricata

Custom queries

Feature #4175

dcerpc: higher level logging

Updated by Victor Julien over 3 years ago

Updated by Victor Julien almost 2 years ago