Feature #7533: detect: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7533

open

detect: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses

Added by Alice da Silva Akaki 5 days ago. Updated 2 days ago.

Status:

New

Priority:

High

Assignee:

OISF Dev

Target version:

8.0.0

Effort:

Difficulty:

Label:

Description

Add keywords to match on AttributeType and AttributeValue

Eve fields to match:
ldap.request.search_request.attributes[]
ldap.request.modify_request.changes[].modification.attribute_type
ldap.request.add_request.attributes[].name
ldap.request.compare_request.attribute_value_assertion.description
ldap.responses[].search_result_entry.attributes[].type

ldap.request.modify_request.changes[].modification.attribute_values[]
ldap.request.add_request.attributes[].values[]
ldap.responses[].search_result_entry.attributes[].values[]
ldap.request.compare_request.attribute_value_assertion.value

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Updated by Philippe Antoine 3 days ago

Subject changed from detect: add ldap.request.attribute and ldap.responses.attribute keywords to detect: add ldap.request.attribute_type and ldap.request.attribute keywords, and same for responses

Actions

Copy link