Feature #8403
Updated by Victor Julien about 12 hours ago
@samr_UserInfo@ fields such as @Account Name@ and @Full Name@ are available in the SMB payload, and we can potentially detect credential theft with them, but they're not exposed as JSON fields in our logs. These are good candidates to be logged. I've added a pcap to #5685 https://redmine.openinfosecfoundation.org/issues/5685 that has these fields as an example in packet 339.