Feature #7100
open
smb: additional keywords
Description
We have the regular event_type SMB logs.
Some alert detection additions of SMB keywords could be very useful.
This data can be extracted and seen in the default generated Suricata SMB logs; however, it is very helpful to be able to alert on that and other cases.
Suggestions for keywords that we already have logged in SMB as logs, but would be useful if available as keywords:
- smb status code
- smb command
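The workaround the description refers to (matching on the fields that the EVE SMB logger already emits, after the fact, instead of in a rule) can be shown in a few lines. The script below is an added example and is not part of this ticket or of Suricata's code; the EVE lines are constructed, and the field names `event_type`, `smb.command`, `smb.status` and `smb.status_code` (the last one a hex NTSTATUS string) are assumed to follow the shape of the EVE smb output. It filters records by command and by status code, normalising the hex string so that "0xC000006D" and "0xc000006d" compare equal, and counts failed session setups per source as the kind of alert condition the requested keywords would allow a rule to express directly.

```python
import json
from typing import Iterable, Iterator, List, Optional

# Constructed EVE JSON lines (assumption: same field layout as the Suricata
# EVE smb record). Not captured from a real sensor.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"smb","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","smb":{"id":1,"dialect":"3.11","command":"SMB2_COMMAND_SESSION_SETUP","status":"STATUS_LOGON_FAILURE","status_code":"0xc000006d","session_id":1}}',
    '{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"smb","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","smb":{"id":2,"dialect":"3.11","command":"SMB2_COMMAND_SESSION_SETUP","status":"STATUS_LOGON_FAILURE","status_code":"0xc000006d","session_id":2}}',
    '{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"smb","src_ip":"10.0.0.6","dest_ip":"10.0.0.10","smb":{"id":3,"dialect":"3.11","command":"SMB2_COMMAND_SESSION_SETUP","status":"STATUS_SUCCESS","status_code":"0x0","session_id":3}}',
    '{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"smb","src_ip":"10.0.0.6","dest_ip":"10.0.0.10","smb":{"id":4,"dialect":"3.11","command":"SMB2_COMMAND_TREE_CONNECT","status":"STATUS_SUCCESS","status_code":"0x0","session_id":3,"tree_id":1}}',
    '{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"flow","src_ip":"10.0.0.6","dest_ip":"10.0.0.10"}',
    'this line is not JSON and must be skipped',
])


def parse_status_code(value: str) -> int:
    """Turn the hex NTSTATUS string from the log (e.g. "0xc000006d") into an int.

    Comparing integers makes the match case-insensitive and tolerant of
    leading zeros, which a plain string compare on the log field is not.
    """
    return int(value, 16)


def iter_smb_records(lines: Iterable[str]) -> Iterator[dict]:
    """Yield only event_type=smb records; skip blank, malformed and other events."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "smb":
            continue
        yield rec


def match_smb(lines: Iterable[str],
              command: Optional[str] = None,
              status_code: Optional[str] = None) -> List[dict]:
    """Return the smb records whose command and/or status_code match.

    A None filter means "any", so match_smb(lines) returns every smb record.
    """
    want = parse_status_code(status_code) if status_code is not None else None
    hits = []
    for rec in iter_smb_records(lines):
        smb = rec.get("smb", {})
        if command is not None and smb.get("command") != command:
            continue
        if want is not None:
            try:
                got = parse_status_code(smb.get("status_code", ""))
            except ValueError:
                continue  # missing or non-hex status_code never matches
            if got != want:
                continue
        hits.append(rec)
    return hits


def failed_logons_by_source(lines: Iterable[str]) -> dict:
    """Count SESSION_SETUP responses with STATUS_LOGON_FAILURE (0xC000006D) per src_ip."""
    counts: dict = {}
    for rec in match_smb(lines, command="SMB2_COMMAND_SESSION_SETUP",
                         status_code="0xC000006D"):
        counts[rec["src_ip"]] = counts.get(rec["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_EVE.splitlines()
    for rec in match_smb(lines, command="SMB2_COMMAND_TREE_CONNECT"):
        print(rec["timestamp"], rec["src_ip"], rec["smb"]["status"])
    print(failed_logons_by_source(lines))
```

Run it against a real `eve.json` by replacing `SAMPLE_EVE.splitlines()` with the file's lines; the point of the ticket is that the same two conditions (command plus status code) would then be expressible in a signature and fire as an alert instead of needing this post-processing step.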
Updated by Philippe Antoine almost 2 years ago
- Related to Feature #5069: smb: keyword for matching smb command added
Updated by Victor Julien almost 2 years ago
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added
Updated by Lukas Sismis almost 2 years ago
- Related to Feature #7095: rdp: keywords additions added
Updated by Lukas Sismis almost 2 years ago
- Related to deleted (Feature #7095: rdp: keywords additions)
Updated by Lukas Sismis almost 2 years ago
- Related to Story #6597: rules: improve rules keyword/output parity added
Updated by Victor Julien almost 2 years ago
- Subject changed from Additional SMB keywords support to smb: additional keywords