Task #7452: ldap: add keywords to match output

Added by Philippe Antoine over 1 year ago. Updated 4 months ago.

Status: In Progress
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Subtasks 4 (2 open, 2 closed)

  • Feature #7453: detect/ldap: add ldap.request.operation and ldap.response.operation keywords (Closed, Alice da Silva Akaki)
  • Feature #7470: detect/ldap: add ldap.bind.version keyword (Assigned, OISF Dev)
  • Feature #7471: detect/ldap: add ldap.distinguished_name keywords for request and response (Closed, Alice da Silva Akaki)
  • Feature #7550: detect/ldap: add keywords for LDAP ExtendedResponse (Assigned, OISF Dev)

Related issues 11 (7 open, 4 closed)

  • Related to Suricata - Feature #1199: protocol: LDAP support (Closed, Giuseppe Longo)
  • Related to Suricata - Feature #7477: ldap: add support for AbandonRequest (Closed, Alice da Silva Akaki)
  • Related to Suricata - Feature #7535: detect/ldap: add ldap.search_request.filter and also log the filter (New, OISF Dev)
  • Related to Suricata - Feature #7539: detect/ldap: add keyword ldap.mod_dn_request.new_rdn (New, OISF Dev)
  • Blocked by Suricata - Feature #7532: detect/ldap: add keywords for LDAPResult (Closed, Alice da Silva Akaki)
  • Blocked by Suricata - Feature #7533: detect/ldap: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses (Closed, Alice da Silva Akaki)
  • Blocked by Suricata - Feature #7534: detect/ldap: add ldap.request.message_id and ldap.responses.message_id (New, OISF Dev)
  • Blocked by Suricata - Feature #7536: detect/ldap: add keywords for LDAP BindRequest (New, OISF Dev)
  • Blocked by Suricata - Feature #7537: detect/ldap: add keywords for LDAP SearchRequest (New, OISF Dev)
  • Blocked by Suricata - Feature #7538: detect/ldap: keyword ldap.modify_request.operation (New, OISF Dev)
  • Blocks Suricata - Story #7901: 9.0.0: rules: improve rules keyword/output parity (Assigned, Victor Julien)

Updated by Philippe Antoine over 1 year ago #1

  • Blocks Story #6597: rules: improve rules keyword/output parity added

Updated by Philippe Antoine over 1 year ago #2

  • Tracker changed from Feature to Task

Updated by Juliana Fajardini Reichow over 1 year ago #3

Updated by Philippe Antoine over 1 year ago #4

  • Subtask #7453 added

Updated by Philippe Antoine over 1 year ago #5

  • Subtask #7470 added

Updated by Philippe Antoine over 1 year ago #6

  • Subtask #7471 added

Updated by Alice da Silva Akaki about 1 year ago #7

  • Related to Feature #7477: ldap: add support for AbandonRequest added

Updated by Philippe Antoine about 1 year ago #8

List of keywords to add:
- ldap.dn: buffer, maps to bind_request.name, search_request.base_object, etc. # comment if there is something to say
- ldap.result.code: integer

First, the generic keywords that work for multiple operations, based on the LDAP ASN.1 definition.

And then the remaining fields in the JSON schema, like bind_request.version, ordered by priority.

Updated by Philippe Antoine about 1 year ago #9

  • Blocked by Feature #7532: detect/ldap: add keywords for LDAPResult added

Updated by Philippe Antoine about 1 year ago #10

  • Blocked by Feature #7533: detect/ldap: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses added

Updated by Philippe Antoine about 1 year ago #11

  • Blocked by Feature #7534: detect/ldap: add ldap.request.message_id and ldap.responses.message_id added

Updated by Philippe Antoine about 1 year ago #12

  • Related to Feature #7535: detect/ldap: add ldap.search_request.filter and also log the filter added

Updated by Philippe Antoine about 1 year ago #13

  • Blocked by Feature #7536: detect/ldap: add keywords for LDAP BindRequest added

Updated by Philippe Antoine about 1 year ago #14

  • Blocked by Feature #7537: detect/ldap: add keywords for LDAP SearchRequest added

Updated by Philippe Antoine about 1 year ago #15

  • Blocked by Feature #7538: detect/ldap: keyword ldap.modify_request.operation added

Updated by Philippe Antoine about 1 year ago #16

  • Related to Feature #7539: detect/ldap: add keyword ldap.mod_dn_request.new_rdn added

Updated by Philippe Antoine about 1 year ago #17

  • Subtask #7550 added

Updated by Victor Julien about 1 year ago #18

  • Status changed from New to In Progress

Updated by Shivani Bhardwaj 12 months ago #19

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

Updated by Victor Julien 10 months ago #20

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1

Updated by Victor Julien 7 months ago #21

  • Blocks deleted (Story #6597: rules: improve rules keyword/output parity)

Updated by Victor Julien 7 months ago #22

  • Blocks Story #7901: 9.0.0: rules: improve rules keyword/output parity added

Updated by Juliana Fajardini Reichow 4 months ago #23

  • Assignee changed from Alice da Silva Akaki to OISF Dev