Merge remote-tracking branch 'origin/topic/awelzel/3935-dce-rpc-named-pipe-docs'

* origin/topic/awelzel/3935-dce-rpc-named-pipe-docs:
  dce-rpc: Make named_pipe filed docs extensive

CHANGES

@@ -1,3 +1,9 @@
+8.0.0-dev.770 | 2025-07-28 14:18:15 -0700
+
+  * dce-rpc: Make named_pipe filed docs extensive (Arne Welzel, Corelight)
+
+    Closes #3935
+
 8.0.0-dev.768 | 2025-07-28 14:16:16 -0700
 
   * Fix parsing of EDNS rcode (Johanna Amann, Corelight)

VERSION

@@ -1 +1 @@
-8.0.0-dev.768
+8.0.0-dev.770

scripts/base/protocols/dce-rpc/main.zeek

@@ -21,6 +21,18 @@ export {
 		rtt        : interval &log &optional;
 
 		## Remote pipe name.
+		##
+		## Note that this value is from the "sec_addr" field in the
+		## protocol. Zeek uses the "named_pipe" name for historical reasons,
+		## but it may also contain local port numbers rather than named pipes.
+		##
+		## If you prefer to use the "secondary address" name, consider
+		## using :zeek:see:`Log::default_field_name_map`, a ``Log::Filter``'s
+		## :zeek:field:`Log::Filter$field_name_map` field, or removing
+		## the :zeek:attr:`&log` attribute from this field, adding a
+		## new :zeek:field:`sec_addr` field and populating it in a custom
+		## :zeek:see:`dce_rpc_bind_ack` event handler based on the
+		## :zeek:field:`named_pipe` value.
 		named_pipe : string   &log &optional;
 		## Endpoint name looked up from the uuid.
 		endpoint   : string   &log &optional;