From: Philippe Antoine Date: Tue, 17 Jun 2025 11:42:39 +0000 (+0200) Subject: doc: do not have bittorrent in the middle of SMB events X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fc24564e9a0f7c6e6a2214f7b9ea3d26bb798a2;p=thirdparty%2Fsuricata.git doc: do not have bittorrent in the middle of SMB events (cherry picked from commit f907216e1ac7d3334114dff37fb8b6169fb0ffa7)
---
diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst
index ed87414133..3f6fddd4a2 100644
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -1325,6 +1325,74 @@ DCERPC BIND/BINDACK::
 "call_id": 2
 }
+NTLMSSP fields
+~~~~~~~~~~~~~~
+
+* "domain" (string): the Windows domain.
+* "user" (string): the user.
+* "host" (string): the host.
+* "version" (string): the client version.
+
+Example::
+
+ "ntlmssp": {
+ "domain": "VNET3",
+ "user": "administrator",
+ "host": "BLU",
+ "version": "60.230 build 13699 rev 188"
+ }
+
+More complete example::
+
+ "smb": {
+ "id": 3,
+ "dialect": "NT LM 0.12",
+ "command": "SMB1_COMMAND_SESSION_SETUP_ANDX",
+ "status": "STATUS_SUCCESS",
+ "status_code": "0x0",
+ "session_id": 2048,
+ "tree_id": 0,
+ "ntlmssp": {
+ "domain": "VNET3",
+ "user": "administrator",
+ "host": "BLU",
+ "version": "60.230 build 13699 rev 188"
+ },
+ "request": {
+ "native_os": "Unix",
+ "native_lm": "Samba 3.9.0-SVN-build-11572"
+ },
+ "response": {
+ "native_os": "Windows (TM) Code Name \"Longhorn\" Ultimate 5231",
+ "native_lm": "Windows (TM) Code Name \"Longhorn\" Ultimate 6.0"
+ }
+ }
+
+Kerberos fields
+~~~~~~~~~~~~~~~
+
+* "kerberos.realm" (string): the Kerberos Realm.
+* "kerberos.snames (array of strings): snames.
+
+Example::
+
+ "smb": {
+ "dialect": "2.10",
+ "command": "SMB2_COMMAND_SESSION_SETUP",
+ "status": "STATUS_SUCCESS",
+ "status_code": "0x0",
+ "session_id": 35184439197745,
+ "tree_id": 0,
+ "kerberos": {
+ "realm": "CONTOSO.LOCAL",
+ "snames": [
+ "cifs",
+ "DC1.contoso.local"
+ ]
+ }
+ }
+
+
 Event type: BITTORRENT-DHT
 --------------------------
@@ -1548,74 +1616,6 @@ Sample error responses::
 }
 }
-NTLMSSP fields
-~~~~~~~~~~~~~~
-
-* "domain" (string): the Windows domain.
-* "user" (string): the user.
-* "host" (string): the host.
-* "version" (string): the client version.
-
-Example::
-
- "ntlmssp": {
- "domain": "VNET3",
- "user": "administrator",
- "host": "BLU",
- "version": "60.230 build 13699 rev 188"
- }
-
-More complete example::
-
- "smb": {
- "id": 3,
- "dialect": "NT LM 0.12",
- "command": "SMB1_COMMAND_SESSION_SETUP_ANDX",
- "status": "STATUS_SUCCESS",
- "status_code": "0x0",
- "session_id": 2048,
- "tree_id": 0,
- "ntlmssp": {
- "domain": "VNET3",
- "user": "administrator",
- "host": "BLU",
- "version": "60.230 build 13699 rev 188"
- },
- "request": {
- "native_os": "Unix",
- "native_lm": "Samba 3.9.0-SVN-build-11572"
- },
- "response": {
- "native_os": "Windows (TM) Code Name \"Longhorn\" Ultimate 5231",
- "native_lm": "Windows (TM) Code Name \"Longhorn\" Ultimate 6.0"
- }
- }
-
-Kerberos fields
-~~~~~~~~~~~~~~~
-
-* "kerberos.realm" (string): the Kerberos Realm.
-* "kerberos.snames (array of strings): snames.
-
-Example::
-
- "smb": {
- "dialect": "2.10",
- "command": "SMB2_COMMAND_SESSION_SETUP",
- "status": "STATUS_SUCCESS",
- "status_code": "0x0",
- "session_id": 35184439197745,
- "tree_id": 0,
- "kerberos": {
- "realm": "CONTOSO.LOCAL",
- "snames": [
- "cifs",
- "DC1.contoso.local"
- ]
- }
- }
-
-
 Event type: SSH
 ----------------