Commit Graph

30 Commits (13918be589c69f547ad44972f5f5d0ed59c805fa)

Author SHA1 Message Date
Victor Julien edd0c2246c smb1: add SMB1_COMMAND_QUERY_INFO_DISK command mapping 7 years ago
Victor Julien 2b581cd6db smb: log trans2 that enable delete on close 7 years ago
Victor Julien eefac0ef95 smb1: add support for trans2 set_path_info rename 7 years ago
Victor Julien 1b86d4e1a2 smb: improve dcerpc logic
Detect whether a pipe is a dcerpc channel based on the name of the
pipe.
7 years ago
Victor Julien 4d58aaae90 smb: clean up partial read/write record handling 8 years ago
Victor Julien aa8d64c2b8 smb: improve skip handling
When skipping records the skip tracker could underflow if the record
parsing had more data than expected.

Enforce the calculation by moving it into a method and make the actual
fields private.
8 years ago
Victor Julien ea1e13cb00 smb: suppress notice messages 8 years ago
Victor Julien 0dfb3f0e7f smb1: extract rename info from TRANS2
Exclude TRANS2 from generic TX lookup bypass.
8 years ago
Victor Julien 8eeda113c8 smb1: add parsing for RENAME command 8 years ago
Victor Julien 15978d4e85 smb: if filename is missing, use '<unknown>' 8 years ago
Victor Julien bc193242ad smb1: add OPEN_ANDX command name for logging 8 years ago
Victor Julien 32b19fac99 smb2: don't log/track each READ/WRITE/etc 8 years ago
Victor Julien fb986abe81 smb: log file FID/GUID as fuid 8 years ago
Victor Julien eed492547c smb1: extract server guid from negotiate 8 years ago
Victor Julien fcbeab70a4 smb1: log create 'service' fields 8 years ago
Victor Julien 90e2abaac4 smb1: use generic string parsing for trans 8 years ago
Victor Julien 668c747aee smb1: more exact tree connect record parsing 8 years ago
Victor Julien 0ed00cf104 smb: move common parsing funcs into own file 8 years ago
Victor Julien 1d4aac1d4d smb1: set event on empty/malformed dialect 8 years ago
Victor Julien caf29e92b3 smb1: parse and log timestamps in CREATE 8 years ago
Victor Julien 28f16e38ac smb1: disable 'generic tx's for common commands
Don't create a generic TX for each READ, WRITE, TRANS, TRANS2,
except if they cause events to trigger.
8 years ago
Victor Julien 78cd92a933 smb: generic event per trans/read/write for tx events 8 years ago
Victor Julien 05992f1772 smb: fix event handling when no tx is available 8 years ago
Victor Julien be615c9fbc smb: small cleanups, fixes and optimizations 8 years ago
Victor Julien ad1bc7f473 smb1: minor debug improvement 8 years ago
Victor Julien 170edf7c44 smb1: improve error handling 8 years ago
Victor Julien 98b926bf72 smb1: implement WRITE_AND_CLOSE 8 years ago
Victor Julien 595557eb8d smb1: locking andx may have no response 8 years ago
Victor Julien 8bef120898 smb: session setup improvements
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.

Move session setup handling into their own files.

Only log auth data for the session setup tx.
8 years ago
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
8 years ago