Feature #8403

open

smb: add samr_UserInfo details to EVE logs

Added by Juliana Fajardini Reichow 1 day ago. Updated about 12 hours ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Effort:
Difficulty:
Label:

Description

samr_UserInfo details such as Account Name and Full Name are available in the SMB payload, and we can potentially
detect credential theft with them, but they're not exposed as JSON fields in our logs.

These are good candidates to be logged.

I've added a pcap to #5685 that has these fields as an example in packet 339.


Related issues: 1 (1 open, 0 closed)

Related to Suricata - Task #5685: tracking: active directory protocols support (Status: Assigned; Assignee: Victor Julien)