Bug #4622: File deletions over SMB are not always logged - Suricata - Open Information Security Foundation

Actions

Bug #4622

closed

File deletions over SMB are not always logged

Added by Philippe Antoine about 3 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

It did not work for SMBv1 on pap found here https://radajo.blogspot.com/2008/01/investigating-file-deletion-from_20.html

It was not implemented for SMBv2 as Wireshark filter smb2.file_info.infolevel == 0x0d can show it

https://github.com/OISF/suricata/pull/6275

Actions

#1

Updated by Philippe Antoine about 3 years ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/6275

Actions

Also available in: Atom PDF