Project

General

Profile

Actions
Copy link

Feature #7095

open
PM OD

rdp: keywords additions

Feature #7095: rdp: keywords additions

Added by Peter Manev almost 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

While Suricata generates RDP protocol logs itself , it is often useful to have rdp keywords available so custom signatures can be developed.
Currently we have none.

Interesting use cases can be for keywords , that we already have logging for, can be:
  • rdp client version
  • rdp client name
  • rdp client cookie
  • rdp cleint build
  • rdp client keyboard type
  • rdp x509 serial

The screenshot attached are Kibana visualizations from the regular protocol log (event_type rdp) produced by Suricata

Files

Screenshot from 2024-06-16 17-23-59.png (162 KB) Screenshot from 2024-06-16 17-23-59.png Peter Manev, 06/16/2024 03:25 PM

Related issues 2 (1 open1 closed)

Related to Suricata - Story #6597: rules: improve rules keyword/output parityClosedVictor JulienActions
Related to Suricata - Optimization #3304: generic way to register buffers for logging and detectionNewOISF DevActions

JI Updated by Jason Ish almost 2 years ago Actions
Copy link
 #1

  • Related to Story #6597: rules: improve rules keyword/output parity added

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #2

  • Related to Optimization #3304: generic way to register buffers for logging and detection added

LS Updated by Lukas Sismis almost 2 years ago Actions
Copy link
 #3

LS Updated by Lukas Sismis almost 2 years ago Actions
Copy link
 #4

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #5

  • Subject changed from rdp keywords additions to rdp: keywords additions
Actions
Copy link

Also available in: PDF Atom