Project

General

Profile

Actions
Copy link

Feature #7532

open

detect: add keywords for LDAPResult

Added by Alice da Silva Akaki 5 days ago. Updated 1 day ago.

Status:
New
Priority:
High
Assignee:
Alice da Silva Akaki
Target version:
8.0.0
Effort:
Difficulty:
Label:

Description

Add keyword ldap.responses.result_code to match on the LDAPResult field resultCode which is an enum

Add keyword ldap.responses.error_message to match on the LDAPResult field errorMessage which is an octet string

Eve fields to match:
ldap.responses[].bind_response.result_code
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.result_code
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.result_code
ldap.responses[].modify_response.message
ldap.responses[].add_response.result_code
ldap.responses[].add_response.message
ldap.responses[].del_response.result_code
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.result_code
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.result_code
ldap.responses[].compare_response.message
ldap.responses[].extended_response.result_code
ldap.responses[].extended_response.message

Related issues 1 (1 open0 closed)

Blocks Suricata - Task #7452: ldap: add keywords to match outputNewAlice da Silva AkakiActions
Actions
Copy link
 #1

Updated by Alice da Silva Akaki 5 days ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Philippe Antoine 3 days ago

  • Blocks Task #7452: ldap: add keywords to match output added
Actions
Copy link
 #3

Updated by Philippe Antoine 3 days ago

There is no ldap.request.result_code it is only in responses right ?

Actions
Copy link
 #4

Updated by Alice da Silva Akaki 1 day ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Alice da Silva Akaki 1 day ago

Philippe Antoine wrote in #note-3:

There is no ldap.request.result_code it is only in responses right ?

yes, it is fixed now

Actions
Copy link

Also available in: Atom PDF