Project

General

Profile

Actions
Copy link

Feature #7532

closed
AD AD

detect/ldap: add keywords for LDAPResult

Feature #7532: detect/ldap: add keywords for LDAPResult

Added by Alice da Silva Akaki about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
High
Assignee:
Alice da Silva Akaki
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum

Add keyword ldap.responses.message to match on the LDAPResult field errorMessage which is an octet string

Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message

Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7452: ldap: add keywords to match outputIn ProgressOISF DevActions

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #1

  • Description updated (diff)

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #2

  • Blocks Task #7452: ldap: add keywords to match output added

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #3

There is no ldap.request.result_code it is only in responses right ?

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #4

  • Description updated (diff)

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #5

Philippe Antoine wrote in #note-3:

There is no ldap.request.result_code it is only in responses right ?

yes, it is fixed now

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #6

  • Status changed from New to In Progress

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #7

  • Status changed from In Progress to In Review

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #8

  • Description updated (diff)

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #9

  • Subject changed from detect: add keywords for LDAPResult to detect/ldap: add keywords for LDAPResult

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #10

  • Target version changed from 8.0.0 to 8.0.0-beta1

AD Updated by Alice da Silva Akaki about 1 year ago Actions
Copy link
 #11

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom