Feature #8403: smb: add samr_UserInfo details to EVE logs - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8403

open

smb: add samr_UserInfo details to EVE logs

Feature #8403: smb: add samr_UserInfo details to EVE logs

Added by Juliana Fajardini Reichow 29 days ago. Updated 28 days ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

samr_UserInfo such as Account Name and Full Name is available in the SMB payload, and we can potentially
detect credential theft with them, but they're not exposed as JSON fields in our logs.

These are good candidates to be logged.

I've added a pcap to #5685 that has these fields as example on packet 339.

Related issues 1 (1 open — 0 closed)

History
Property changes

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#1

Description updated (diff)

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#2

Related to Task #5685: tracking: active directory protocols support added

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8403

smb: add samr_UserInfo details to EVE logs

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Feature #8403

smb: add samr_UserInfo details to EVE logs

VJ Updated by Victor Julien 28 days ago ActionsCopy link #1

VJ Updated by Victor Julien 28 days ago ActionsCopy link #2

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 28 days ago Actions
Copy link
#2