Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

RDP: Update existing baselines with new client_channels field

Browse source
This commit is contained in:
Vlad Grigorescu 2019-05-28 09:31:32 -05:00
parent 8eb14fcb83
commit 85fc553136
3 changed files with 17 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path rdp #path rdp
#open 2016-07-13-16-16-47 #open 2019-05-28-14-29-19
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol client_channels keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
#types time string addr port addr port string string string string string string string count count string string count bool string string #types time string addr port addr port string string string vector[string] string string string string count count string string count bool string string
1193369795.014346 CHhAvVGS1DHFjwGM9 172.21.128.16 1311 10.226.24.52 3389 FTBCO\\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - - 0 - - - 1193369795.014346 CHhAvVGS1DHFjwGM9 172.21.128.16 1311 10.226.24.52 3389 FTBCO\\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - - - 0 - - -
1193369797.582740 ClEkJM2Vm5giqnMf4h 172.21.128.16 1312 10.226.24.52 3389 FTBCO\\A70 Success RDP English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T High 128bit 1193369797.582740 ClEkJM2Vm5giqnMf4h 172.21.128.16 1312 10.226.24.52 3389 FTBCO\\A70 Success RDP rdpdr,rdpsnd,drdynvc,cliprdr English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T High 128bit
#close 2016-07-13-16-16-48 #close 2019-05-28-14-29-19

12
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path rdp #path rdp
#open 2016-07-13-16-16-48 #open 2019-05-28-14-29-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol client_channels keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
#types time string addr port addr port string string string string string string string count count string string count bool string string #types time string addr port addr port string string string vector[string] string string string string count count string string count bool string string
1297551041.284715 CHhAvVGS1DHFjwGM9 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - - 1297551041.284715 CHhAvVGS1DHFjwGM9 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - - 0 - - -
1297551078.958821 ClEkJM2Vm5giqnMf4h 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - - 1297551078.958821 ClEkJM2Vm5giqnMf4h 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - - 0 - - -
#close 2016-07-13-16-16-48 #close 2019-05-28-14-29-20

10
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path rdp #path rdp
#open 2016-07-13-16-16-49 #open 2019-05-28-14-29-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol client_channels keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
#types time string addr port addr port string string string string string string string count count string string count bool string string #types time string addr port addr port string string string vector[string] string string string string count count string string count bool string string
1423755598.202845 CHhAvVGS1DHFjwGM9 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success RDP English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F Client compatible 128bit 1423755598.202845 CHhAvVGS1DHFjwGM9 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success RDP rdpdr,rdpsnd,cliprdr,drdynvc English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F Client compatible 128bit
#close 2016-07-13-16-16-49 #close 2019-05-28-14-29-20