Task #7452: ldap: add keywords to match output

Feature #7471: detect/ldap: add ldap.distinguished_name keywords for request and response

Added by Philippe Antoine over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
High

Description

Which is a buffer

We should also investigate if pub struct LdapDN(pub String); is right, because this means we only accept valid UTF-8 strings when LDAP may accept an arbitrary ASCII buffer.

Eve fields to match:
ldap.request.bind_request.name
ldap.request.add_request.entry
ldap.request.search_request.base_object
ldap.request.modify_request.object
ldap.request.del_request.dn
ldap.request.mod_dn_request.entry
ldap.request.compare_request.entry
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn
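
The UTF-8 concern raised in the description, as an added example that is not part of the ticket or of Suricata's code: `DnString` copies the shape of the quoted `LdapDN(pub String)`, while `DnBytes`, `from_wire`, `contains` and `inspect` are hypothetical names and the sample DNs are constructed. It shows that a `String`-backed DN cannot be built from non-UTF-8 wire bytes, whereas a byte-backed DN still exposes the buffer for matching.

```rust
// Added illustration, not Suricata or ldap-parser code.
// DnString mirrors `pub struct LdapDN(pub String)` from the description;
// DnBytes is a hypothetical byte-preserving alternative.

#[derive(Debug, PartialEq)]
pub struct DnString(pub String);

#[derive(Debug, PartialEq)]
pub struct DnBytes(pub Vec<u8>);

impl DnString {
    /// Fails when the wire bytes are not valid UTF-8, leaving nothing to inspect.
    pub fn from_wire(raw: &[u8]) -> Result<Self, std::str::Utf8Error> {
        std::str::from_utf8(raw).map(|s| DnString(s.to_owned()))
    }
}

impl DnBytes {
    /// Never fails: the buffer is kept exactly as received.
    pub fn from_wire(raw: &[u8]) -> Self {
        DnBytes(raw.to_vec())
    }

    /// Byte-wise substring search, the kind of match a detection buffer needs.
    pub fn contains(&self, needle: &[u8]) -> bool {
        !needle.is_empty() && self.0.windows(needle.len()).any(|w| w == needle)
    }
}

/// Returns (string_type_parsed, byte_type_matched) for one DN seen on the wire.
pub fn inspect(raw: &[u8], needle: &[u8]) -> (bool, bool) {
    (DnString::from_wire(raw).is_ok(), DnBytes::from_wire(raw).contains(needle))
}

fn main() {
    // Constructed sample DNs; the second carries a lone 0xE9 byte (Latin-1 'e' acute).
    let samples: [&[u8]; 2] = [
        b"cn=admin,dc=example,dc=com",
        b"cn=Ren\xe9,dc=example,dc=com",
    ];
    for raw in samples {
        let (parsed, matched) = inspect(raw, b"dc=example");
        println!("{:?}: String ok={}, bytes match={}",
                 String::from_utf8_lossy(raw), parsed, matched);
    }
}
```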

Updated by Juliana Fajardini Reichow over 1 year ago #1

  • Tracker changed from Task to Feature

Updated by Philippe Antoine over 1 year ago #2

Should we restrict to bind operation or have all operations but look for all LDAPDN?

Updated by Philippe Antoine about 1 year ago #3

  • Subject changed from detect/ldap: add ldap.bind.name keyword to detect/ldap: add ldap.distinguished_name keyword

Updated by Philippe Antoine about 1 year ago #4

  • Priority changed from Normal to High

Updated by Alice da Silva Akaki about 1 year ago #5

Implement keyword for both directions ldap.request.distinguished_name and ldap.responses.distinguished_name

Updated by Philippe Antoine about 1 year ago #6

  • Subject changed from detect/ldap: add ldap.distinguished_name keyword to detect/ldap: add ldap.distinguished_name keywords for request and response

Updated by Philippe Antoine about 1 year ago #7

  • Target version changed from TBD to 8.0.0-beta1

Updated by Philippe Antoine about 1 year ago #8

Could you please tell the JSON fields it maps to?

Updated by Alice da Silva Akaki about 1 year ago #9

  • Description updated (diff)

Updated by Alice da Silva Akaki about 1 year ago #10

  • Description updated (diff)

Updated by Philippe Antoine about 1 year ago #11

  • Status changed from New to In Progress

Updated by Philippe Antoine about 1 year ago #12

  • Status changed from In Progress to In Review

Updated by Philippe Antoine about 1 year ago #13

  • Status changed from In Review to Closed