Feature #7471: detect/ldap: add ldap.distinguished_name keywords for request and response - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7471

closed

Task #7452: ldap: add keywords to match output

detect/ldap: add ldap.distinguished_name keywords for request and response

Added by Philippe Antoine 3 months ago. Updated about 1 month ago.

Status:

Closed

Priority:

High

Assignee:

Alice da Silva Akaki

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

Which is a buffer

We should also investigate if
pub struct LdapDN(pub String); is right because this means we only accept valid utf-8 strings
when LDAP may accept arbitrary ascii buffer

Eve fields to match:
ldap.request.bind_request.name
ldap.request.add_request.entry
ldap.request.search_request.base_object
ldap.request.modify_request.object
ldap.request.del_request.dn
ldap.request.mod_dn_request.entry
ldap.request.compare_request.entry
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn

Updated by Juliana Fajardini Reichow 3 months ago

Tracker changed from Task to Feature

Updated by Philippe Antoine 2 months ago

Subject changed from detect/ldap: add ldap.bind.name keyword to detect/ldap: add ldap.distinguished_name keyword

Updated by Philippe Antoine 2 months ago

Priority changed from Normal to High

Updated by Philippe Antoine about 2 months ago

Subject changed from detect/ldap: add ldap.distinguished_name keyword to detect/ldap: add ldap.distinguished_name keywords for request and response