--- /dev/null
+requires:
+ min-version: 6.0
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ dcerpc.request: REQUEST_LOST
+ dcerpc.response: UNREPLIED
+ dest_ip: 141.81.0.10
+ dest_port: 33000
+ event_type: dcerpc
+ pcap_cnt: 1169
+ proto: UDP
+ src_ip: 141.81.0.11
+ src_port: 33002
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3704
+ proto: TCP
+ smb.client_dialects[0]: PC NETWORK PROGRAM 1.0
+ smb.client_dialects[1]: LANMAN1.0
+ smb.client_dialects[2]: Windows for Workgroups 3.1a
+ smb.client_dialects[3]: LM1.2X002
+ smb.client_dialects[4]: LANMAN2.1
+ smb.client_dialects[5]: NT LM 0.12
+ smb.command: SMB1_COMMAND_NEGOTIATE_PROTOCOL
+ smb.dialect: NT LM 0.12
+ smb.id: 1
+ smb.server_guid: d523159e-e4af-4a9e-7b9b-4e318c6f6f36
+ smb.session_id: 0
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3709
+ proto: TCP
+ smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 2
+ smb.request.native_lm: Windows 2002 5.1
+ smb.request.native_os: Windows 2002 Service Pack 3 2600
+ smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+ smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+ smb.session_id: 57346
+ smb.status: STATUS_MORE_PROCESSING_REQUIRED
+ smb.status_code: '0xc0000016'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3714
+ proto: TCP
+ smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 3
+ smb.ntlmssp.domain: ''
+ smb.ntlmssp.host: PANELPC02
+ smb.ntlmssp.user: ''
+ smb.request.native_lm: Windows 2002 5.1
+ smb.request.native_os: Windows 2002 Service Pack 3 2600
+ smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+ smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+ smb.session_id: 57346
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3718
+ proto: TCP
+ smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 4
+ smb.named_pipe: \IAS01\IPC$
+ smb.service.request: ?????
+ smb.service.response: IPC
+ smb.session_id: 57346
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 57349
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3721
+ proto: TCP
+ smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 5
+ smb.request.native_lm: Windows 2002 5.1
+ smb.request.native_os: Windows 2002 Service Pack 3 2600
+ smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+ smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+ smb.session_id: 12291
+ smb.status: STATUS_MORE_PROCESSING_REQUIRED
+ smb.status_code: '0xc0000016'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3729
+ proto: TCP
+ smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 6
+ smb.ntlmssp.domain: PANELPC02
+ smb.ntlmssp.host: PANELPC02
+ smb.ntlmssp.user: Administrator
+ smb.request.native_lm: Windows 2002 5.1
+ smb.request.native_os: Windows 2002 Service Pack 3 2600
+ smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+ smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+ smb.session_id: 12291
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3731
+ proto: TCP
+ smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 7
+ smb.service.request: ?????
+ smb.session_id: 12291
+ smb.share: \IAS01\ARCHESTRA-ENGWESTBURY-INTOUCHVIEWAPP_PANELPC02
+ smb.status: STATUS_BAD_NETWORK_NAME
+ smb.status_code: '0xc00000cc'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 3844
+ proto: TCP
+ smb.command: SMB1_COMMAND_LOGOFF_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 8
+ smb.session_id: 12291
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dcerpc.call_id: 17305
+ dcerpc.interfaces[0].ack_result: 0
+ dcerpc.interfaces[0].uuid: 99fcfec4-5260-101b-bbcb-00aa0021347a
+ dcerpc.interfaces[0].version: '0.0'
+ dcerpc.request: BIND
+ dcerpc.response: BINDACK
+ dcerpc.rpc_version: '5.0'
+ dest_ip: 141.81.0.10
+ dest_port: 135
+ event_type: dcerpc
+ pcap_cnt: 5051
+ proto: TCP
+ src_ip: 141.81.0.187
+ src_port: 3802
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 10846
+ proto: TCP
+ smb.command: SMB1_COMMAND_LOGOFF_ANDX
+ smb.dialect: NT LM 0.12
+ smb.id: 9
+ smb.session_id: 57346
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 0
+ src_ip: 141.81.0.182
+ src_port: 4548
+- filter:
+ count: 1
+ match:
+ dest_ip: 141.81.0.10
+ dest_port: 139
+ event_type: smb
+ pcap_cnt: 10849
+ proto: TCP
+ smb.command: SMB1_COMMAND_TREE_DISCONNECT
+ smb.dialect: NT LM 0.12
+ smb.id: 10
+ smb.session_id: 57346
+ smb.status: STATUS_SUCCESS
+ smb.status_code: '0x0'
+ smb.tree_id: 57349
+ src_ip: 141.81.0.182
+ src_port: 4548
projects / thirdparty / suricata-verify.git / commitdiff
