Feature #5413: DCERPC logging is not easy to use in analysis - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5413

closed

DCERPC logging is not easy to use in analysis

Added by Eric Leblond about 3 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

7.0.0-beta1

Effort:

Difficulty:

Label:

Description

The dcerpc part of smb events have the dcerpc uudi in one event and the opnum in another event. This is not convenient as a full understanding of the dcerpc request needs to be build upon 2 events.

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien about 3 years ago

Related to Feature #4175: dcerpc: higher level logging added

Actions

Copy link

Updated by Victor Julien over 2 years ago

Status changed from In Progress to Closed
Target version changed from TBD to 7.0.0-beta1

https://github.com/OISF/suricata/pull/7584

Actions

Copy link

Updated by Jason Ish over 2 years ago

Related to Bug #5814: smb: duplicate interface fields logged added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5413

DCERPC logging is not easy to use in analysis

Updated by Victor Julien about 3 years ago

Updated by Victor Julien over 2 years ago

Updated by Jason Ish over 2 years ago

	Related to Suricata - Feature #4175: dcerpc: higher level logging	New	Community Ticket				Actions
	Related to Suricata - Bug #5814: smb: duplicate interface fields logged	Closed	Jason Ish				Actions