Feature #5413: DCERPC logging is not easy to use in analysis - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5413

open

DCERPC logging is not easy to use in analysis

Added by Eric Leblond 3 months ago.

Status:

In Progress

Priority:

Normal

Assignee:

Eric Leblond

Target version:

TBD

Effort:

Difficulty:

Label:

Description

The dcerpc part of smb events have the dcerpc uudi in one event and the opnum in another event. This is not convenient as a full understanding of the dcerpc request needs to be build upon 2 events.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Victor Julien 3 months ago

Related to Feature #4175: dcerpc: higher level logging added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5413

DCERPC logging is not easy to use in analysis

Updated by Victor Julien 3 months ago