]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ef0ebc9)
alert/eve: add snmp metadata for rdp alerts
authorJason Ish <jason.ish@oisf.net>
Tue, 4 Aug 2020 22:27:30 +0000 (16:27 -0600)
committerVictor Julien <victor@inliniac.net>
Wed, 5 Aug 2020 11:50:53 +0000 (13:50 +0200)
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3441

src/output-json-alert.c patch | blob | blame | history

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index ca8e3ba63554e731cadb06add12ee57d118199c8..a6dfe1142fc5949b7f7140eb776ab571a280651c 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -233,6 +233,22 @@ static void AlertJsonSNMP(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
     }
 }
 
+static void AlertJsonRDP(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
+{
+    void *rdp_state = (void *)FlowGetAppState(f);
+    if (rdp_state != NULL) {
+        void *tx = AppLayerParserGetTx(f->proto, ALPROTO_RDP, rdp_state,
+                tx_id);
+        if (tx != NULL) {
+            JsonBuilderMark mark = { 0, 0, 0 };
+            jb_get_mark(js, &mark);
+            if (!rs_rdp_to_json(tx, js)) {
+                jb_restore_mark(js, &mark);
+            }
+        }
+    }
+}
+
 static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa,
                                   JsonBuilder *js, JsonAddrInfo *addr)
 {
@@ -500,6 +516,9 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
         case ALPROTO_SNMP:
             AlertJsonSNMP(p->flow, tx_id, jb);
             break;
+        case ALPROTO_RDP:
+            AlertJsonRDP(p->flow, tx_id, jb);
+            break;
         default:
             break;
     }
Mirror of https://github.com/OISF/suricata.git