Feature #5413: DCERPC logging is not easy to use in analysis - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5413

closed

DCERPC logging is not easy to use in analysis

Added by Eric Leblond 7 months ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

7.0.0-beta1

Effort:

Difficulty:

Label:

Description

The dcerpc part of smb events have the dcerpc uudi in one event and the opnum in another event. This is not convenient as a full understanding of the dcerpc request needs to be build upon 2 events.

Related issues 2 (2 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien 7 months ago

Related to Feature #4175: dcerpc: higher level logging added

Actions

Copy link

Updated by Victor Julien 3 months ago

Status changed from In Progress to Closed
Target version changed from TBD to 7.0.0-beta1

https://github.com/OISF/suricata/pull/7584

Actions

Copy link

Updated by Jason Ish 3 days ago

Related to Bug #5814: smb: duplicate interface fields logged added

Actions

Copy link

Also available in: Atom PDF

	Related to Feature #4175: dcerpc: higher level logging	New	Community Ticket				Actions
	Related to Bug #5814: smb: duplicate interface fields logged	In Review	Jason Ish				Actions

Project

General

Profile

Suricata

Custom queries

Feature #5413

DCERPC logging is not easy to use in analysis

Updated by Victor Julien 7 months ago

Updated by Victor Julien 3 months ago

Updated by Jason Ish 3 days ago