Project

General

Profile

Actions
Copy link

Bug #7530

closed

Kerberos: sname/cname code and suricata documentation both wrong

Added by campbell robertson 5 months ago. Updated 3 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:
Beginner

Description

In the suricata documentation the cname and sname are described as client and server name. https://docs.suricata.io/en/latest/rules/kerberos-keywords.html
But the suricata code in github, describe the krb5_cname and krb5_sname as their respective principal name:

These were contradicting, so we did a test and it looks like the the krb5_cname is the client service principal and the sname is the destination server, so it appears that both the docs and the code documentation is wrong.

Files

Screenshot 2025-01-30 at 1.47.18 PM.png (52.5 KB) Screenshot 2025-01-30 at 1.47.18 PM.png campbell robertson, 01/30/2025 07:47 PM

Related issues 1 (1 open0 closed)

Related to Suricata - Documentation #6566: userguide: add description for missing EVE krb fieldsIn ReviewPhilippe AntoineActions
Actions
Copy link

Also available in: Atom PDF