Project

General

Profile

Actions
Copy link

Feature #6079

closed
VJ SB

eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs

Feature #6079: eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs

Added by Victor Julien almost 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Need the UUID with the opnum.

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #1

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1

SB Updated by Shivani Bhardwaj about 2 years ago Actions
Copy link
 #2

It seems to me that this feature is already in place. If an SMB request is DCERPC and has interfaces, they are logged along with the opnum.
Code where this happens: https://github.com/OISF/suricata/blob/master/rust/src/smb/log.rs#L334
Also verified in the existing s-v test smb-dce_opnum.

@Peter Manev I remember you coming up with this issue. Could you please verify this is up to your expectations or if I am misunderstanding what's needed?

SB Updated by Shivani Bhardwaj almost 2 years ago Actions
Copy link
 #3

  • Status changed from Assigned to Closed

I believe this is already done in the code. If it is not as per the expectations, please feel free to reopen with clear expectations.

Actions
Copy link

Also available in: PDF Atom