Feature #7536
open
detect/ldap: add keywords for LDAP BindRequest
Added by Alice da Silva Akaki 3 months ago.
Updated about 2 months ago.
Description
ldap.bind_request.version, an integer between 1 and 127
ldap.bind_request.authentication, enum + an octet string
Eve fields to match:
ldap.request.bind_request.version
ldap.request.bind_request.sasl.mechanism
ldap.request.bind_request.sasl.credentials
Related issues
2 (2 open — 0 closed)
- Blocks Task #7452: ldap: add keywords to match output added
ldap.bind_request.authentication is an enum + an octet string...
- Description updated (diff)
- Subject changed from detect: add keywords for BindRequest to detect/ldap: add keywords for LDAP BindRequest
- Priority changed from Normal to High
Idea for the ldap.request.bind.auth keyword: have it be a sticky buffer but with a required option, like ldap.request.bind.auth: sasl; content: "toto";
and the parser only accepts the 4 different auth mechanisms defined in the LDAP ASN.1
- Related to Feature #7470: detect/ldap: add ldap.bind.version keyword added
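Added example (not part of the ticket and not Suricata code): a minimal Python BER decoder showing where the version and authentication fields named in the description sit inside a BindRequest, following the RFC 4511 ASN.1. The function names, the "simple" result key and the two sample messages are constructed for illustration.

```python
# Constructed sample LDAPMessages (not captured traffic).
SIMPLE_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind, v3
SASL_BIND = bytes.fromhex(
    "3019" "020102" "6014" "020103" "0400"      # msgID 2, BindRequest, version 3, empty name
    "a30d" "0405504c41494e" "040400750070")      # sasl: mechanism "PLAIN", credentials

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg):
    """Return the BindRequest fields of one LDAPMessage, or None for other operations."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, _, pos = read_tlv(body)                 # messageID
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    tag, bind, _ = read_tlv(body, pos)
    if tag != 0x60:                              # [APPLICATION 0] = BindRequest
        return None
    tag, raw, pos = read_tlv(bind)               # version INTEGER (1..127)
    version = int.from_bytes(raw, "big", signed=True)
    if tag != 0x02 or not 1 <= version <= 127:
        raise ValueError("version must be an INTEGER in 1..127")
    _, _, pos = read_tlv(bind, pos)              # name (LDAPDN), not needed here
    tag, auth, _ = read_tlv(bind, pos)           # AuthenticationChoice
    if tag == 0x80:                              # simple [0] OCTET STRING
        return {"version": version, "simple": auth}
    if tag == 0xA3:                              # sasl [3] SaslCredentials
        _, mech, p = read_tlv(auth)
        creds = read_tlv(auth, p)[1] if p < len(auth) else None  # OPTIONAL
        return {"version": version,
                "sasl": {"mechanism": mech.decode("utf-8"), "credentials": creds}}
    raise ValueError(f"unexpected AuthenticationChoice tag 0x{tag:02x}")
```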