Feature #7536
opendetect/ldap: add keywords for LDAP BindRequest
Description
ldap.bind_request.version, an integer between 1 and 127
ldap.bind_request.authentication, enum + an octet string
Eve fields to match:
ldap.request.bind_request.version
ldap.request.bind_request.sasl.mechanism
ldap.request.bind_request.sasl.credentials
PA Updated by Philippe Antoine about 1 year ago
- Blocks Task #7452: ldap: add keywords to match output added
PA Updated by Philippe Antoine about 1 year ago
ldap.bind_request.authentication is an enum + an octet string...
AD Updated by Alice da Silva Akaki about 1 year ago
- Description updated (diff)
AD Updated by Alice da Silva Akaki about 1 year ago
- Subject changed from detect: add keywords for BindRequest to detect/ldap: add keywords for LDAP BindRequest
PA Updated by Philippe Antoine about 1 year ago
- Priority changed from Normal to High
The authentication is especially interesting according to https://suricon.net/wp-content/uploads/2024/12/SuriCon2024-Pierre-Chifflier_Adding-LDAP-to-Suricata.pdf
PA Updated by Philippe Antoine about 1 year ago
Idea for ldap.request.bind.auth keyword : have it a sticky buffer but with required option, like ldap.request.bind.auth: sasl; content: "toto"; and the parser only accepts the 4 different auth mechanisms defined in ldap asn1
PA Updated by Philippe Antoine about 1 year ago
- Related to Feature #7470: detect/ldap: add ldap.bind.version keyword added
PA Updated by Philippe Antoine 10 months ago
- Target version changed from 8.0.0 to 9.0.0-beta1
JF Updated by Juliana Fajardini Reichow 4 months ago
- Assignee changed from Alice da Silva Akaki to OISF Dev
Hi there, considering our stale tickets policy, I'm unclaiming this ticket. Feel free to ask to work on this or another again, if you have time in the future :)