Project

General

Profile

Actions
Copy link

Feature #6079

open

eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs

Added by Victor Julien 11 months ago. Updated 21 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Need the UUID with the opnum.

Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 11 months ago

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 21 days ago

It seems to me that this feature is already in place. If an SMB request is DCERPC and has interfaces, they are logged along with the opnum.
Code where this happens: https://github.com/OISF/suricata/blob/master/rust/src/smb/log.rs#L334
Also verified in the existing s-v test smb-dce_opnum.

@Peter Manev I remember you coming up with this issue. Could you please verify this is up to your expectations or if I am misunderstanding what's needed?

Actions
Copy link

Also available in: Atom PDF