Project

General

Profile

Actions
Copy link

Feature #6079

closed

eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs

Added by Victor Julien almost 2 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Need the UUID with the opnum.

Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow almost 2 years ago

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Actions
Copy link
 #2

Updated by Shivani Bhardwaj about 1 year ago

It seems to me that this feature is already in place. If an SMB request is DCERPC and has interfaces, they are logged along with the opnum.
Code where this happens: https://github.com/OISF/suricata/blob/master/rust/src/smb/log.rs#L334
Also verified in the existing s-v test smb-dce_opnum.

@Peter Manev I remember you coming up with this issue. Could you please verify this is up to your expectations or if I am misunderstanding what's needed?

Actions
Copy link
 #3

Updated by Shivani Bhardwaj about 1 year ago

  • Status changed from Assigned to Closed

I believe this is already done in the code. If it is not as per the expectations, please feel free to reopen with clear expectations.

Actions
Copy link

Also available in: Atom PDF