Feature #7536
open
detect/ldap: add keywords for LDAP BindRequest
Description
ldap.bind_request.version, an integer between 1 and 127
ldap.bind_request.authentication, enum + an octet string
Eve fields to match:
ldap.request.bind_request.version
ldap.request.bind_request.sasl.mechanism
ldap.request.bind_request.sasl.credentials
Updated by Philippe Antoine 11 months ago
- Blocks Task #7452: ldap: add keywords to match output added
Updated by Philippe Antoine 11 months ago
ldap.bind_request.authentication is an enum + an octet string...
Updated by Alice da Silva Akaki 10 months ago
- Subject changed from detect: add keywords for BindRequest to detect/ldap: add keywords for LDAP BindRequest
Updated by Philippe Antoine 10 months ago
- Priority changed from Normal to High
The authentication is especially interesting according to https://suricon.net/wp-content/uploads/2024/12/SuriCon2024-Pierre-Chifflier_Adding-LDAP-to-Suricata.pdf
Updated by Philippe Antoine 10 months ago
Idea for the ldap.request.bind.auth keyword: have it be a sticky buffer but with a required option, like ldap.request.bind.auth: sasl; content: "toto"; and the parser only accepts the 4 different auth mechanisms defined in the LDAP ASN.1
Updated by Philippe Antoine 10 months ago
- Related to Feature #7470: detect/ldap: add ldap.bind.version keyword added
Updated by Philippe Antoine 7 months ago
- Target version changed from 8.0.0 to 9.0.0-beta1
Updated by Juliana Fajardini Reichow 13 days ago
- Assignee changed from Alice da Silva Akaki to OISF Dev
Hi there, considering our stale tickets policy, I'm unclaiming this ticket. Feel free to ask to work on this or another again, if you have time in the future :)
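Added example, not part of the ticket and not Suricata code: a minimal BER walk of an LDAP BindRequest (RFC 4511, section 4.2) that pulls out the values the requested keywords and EVE fields refer to, namely the version and the SASL mechanism and credentials. The output keys `auth`, `simple` and `other`, the helper names and the sample bytes are assumptions made for illustration; only the `simple` and `sasl` choices from RFC 4511 are decoded.

```python
# Added example: walks one LDAPMessage and returns the BindRequest fields.
# Key names "auth", "simple", "other" are illustrative assumptions.

def tlv(tag, val):
    """Encode one short-form TLV; used only to build the constructed samples."""
    return bytes([tag, len(val)]) + val

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg):
    """Return the bind fields of an LDAPMessage, or None if it is not a bind."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = read_tlv(body, 0)    # messageID INTEGER
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        return None
    tag, ver, pos = read_tlv(op, 0)
    version = int.from_bytes(ver, "big", signed=True)
    if tag != 0x02 or not 1 <= version <= 127:
        raise ValueError("version must be an INTEGER in 1..127")
    _, _name, pos = read_tlv(op, pos)      # name (LDAPDN), not needed here
    tag, auth, _ = read_tlv(op, pos)
    out = {"version": version}
    if tag == 0x80:                        # simple [0] OCTET STRING
        out["auth"] = "simple"
    elif tag == 0xA3:                      # sasl [3] SaslCredentials
        _, mech, p = read_tlv(auth, 0)
        creds = read_tlv(auth, p)[1] if p < len(auth) else None  # OPTIONAL
        out["auth"] = "sasl"
        out["sasl"] = {"mechanism": mech.decode("ascii"), "credentials": creds}
    else:
        out["auth"] = "other"              # tag outside the two decoded here
    return out

# Constructed sample: msgID 1, version 3, empty DN, SASL PLAIN credentials.
SAMPLE_SASL = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
    + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"PLAIN") + tlv(0x04, b"\x00user\x00pass"))))
```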