suricata

Commit Graph

Author	SHA1	Message	Date
Shivani Bhardwaj	a7535099b4	smb/eve: convert to jsonbuilder Closes redmine ticket 3712.	5 years ago
Shivani Bhardwaj	80adf7d1cf	smb: Import constants from DCERPC Remove DCERPC constants to avoid duplicate name errors. Import the required constants from DCERPC implementation.	5 years ago
Jason Ish	42e5065ab8	rust: update to Rust 2018 with cargo fix Migrate to Rust 2018 edition. Credit to Danny Browning for first demontrating this: https://github.com/OISF/suricata/pull/3604/commits	6 years ago
Victor Julien	3f6624bf16	rust: remove libc crate dependency Use std::os::raw instead.	6 years ago
Victor Julien	ac4e888597	smb2/dcerpc: probe if response data is dcerpc If we missed the tree connect we can't know for sure if we're reading from a (DCERPC) PIPE or not. In this case probe the data to see if it looks like DCERPC. If the detection succeeds, use a special 'suricata::dcerpc' service in the TX. Simplify handling of DCERPC records that cross records Update logging for the response only TXs.	7 years ago
Victor Julien	2b581cd6db	smb: log trans2 that enable delete on close	7 years ago
Pierre Chifflier	576b8ef722	SMB: simplify code	7 years ago
Pierre Chifflier	cf5de0c58e	SMB: use String::from_utf8_lossy in logging functions	7 years ago
Pierre Chifflier	b5529e4ffb	SMB: use kerberos-parser to extract Real and PrincipalName	7 years ago
Victor Julien	8eeda113c8	smb1: add parsing for RENAME command	7 years ago
Victor Julien	7b61f2c589	smb2: log renames	7 years ago
Victor Julien	71742ed52b	smb: share can't be <share_root>	7 years ago
Victor Julien	fb986abe81	smb: log file FID/GUID as fuid	7 years ago
Victor Julien	816bd022a6	smb1: improve non nt-status handling Support SRV error, with a couple of codes. Rename statux field to status_code.	7 years ago
Victor Julien	5c26020714	smb2: add ioctl transactions to log the funcs	7 years ago
Victor Julien	75265ec376	smb2: map ioctl funcs to names List is based on Wireshark's list.	7 years ago
Victor Julien	7cd66516f0	smb: use formal MS names for disposition	7 years ago
Victor Julien	f7ed749d4f	smb: disable debug output	7 years ago
Victor Julien	6d56edc3de	smb2: log client and server guid from negotiate	7 years ago
Victor Julien	c56f5e11ca	smb2: log share type	7 years ago
Victor Julien	d75ebdb981	smb: log create empty filename as '<share_root>' like Bro does	7 years ago
Victor Julien	fcbeab70a4	smb1: log create 'service' fields	7 years ago
Victor Julien	c91242e71c	smb: rename file to filename in output	7 years ago
Victor Julien	0e05ef7369	smb2: parse and log timestamps in CREATE	7 years ago
Victor Julien	8bef120898	smb: session setup improvements Improve ntlmssp version extraction and logging, make its data structures optional. Extract native os/lm from smb1 ssn setup. Move session setup handling into their own files. Only log auth data for the session setup tx.	7 years ago
Victor Julien	75d7c9d64a	rust/smb: initial support Implement SMB app-layer parser for SMB1/2/3. Features: - file extraction - eve logging - existing dce keyword support - smb_share/smb_named_pipe keyword support (stickybuffers) - auth meta data extraction (ntlmssp, kerberos5)	7 years ago

26 Commits (a7535099b46f5306633acf56d2ea32e6dfd7145d)