]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16dcee4) | patch
detect: add ldap.responses.dn
authorAlice Akaki <akakialice@gmail.com>
Thu, 6 Feb 2025 04:16:20 +0000 (00:16 -0400)
committerVictor Julien <victor@inliniac.net>
Fri, 21 Feb 2025 13:57:14 +0000 (14:57 +0100)
commit73ae6e997f6c325b9ef2df8f715f921be441b5b0
treec0dacdd14ecd06fe740e8dc49ffe2fd5d6899ee2tree
parent16dcee46fc8a9f15f07535ff60658492c5c04baacommit | diff
detect: add ldap.responses.dn

ldap.responses.dn matches on LDAPDN from responses operations
This keyword maps the following eve fields:
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn
It is a sticky buffer
Supports prefiltering

Ticket: #7471
doc/userguide/rules/ldap-keywords.rst diff | blob | blame | history
rust/src/ldap/detect.rs diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git