Feature #8403: smb: add samr_UserInfo details to EVE logs - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8403

open

smb: add samr_UserInfo details to EVE logs

Feature #8403: smb: add samr_UserInfo details to EVE logs

Added by Juliana Fajardini Reichow about 2 months ago. Updated about 2 months ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

samr_UserInfo such as Account Name and Full Name is available in the SMB payload, and we can potentially
detect credential theft with them, but they're not exposed as JSON fields in our logs.

These are good candidates to be logged.

I've added a pcap to #5685 that has these fields as example on packet 339.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8403

smb: add samr_UserInfo details to EVE logs

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#1

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Feature #8403

smb: add samr_UserInfo details to EVE logs

VJ Updated by Victor Julien about 2 months ago ActionsCopy link #1

VJ Updated by Victor Julien about 2 months ago ActionsCopy link #2

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#1

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
#2