zeek/scripts/base/protocols/ntlm at a176e053ca30a22e0ab33703c050794e2eb8e7d6 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

History

Seth Hall a176e053ca Improve NTLM authentication logging. If only one side of a connection was seen, the ntlm.log would indicate that the authentication failed. This has been modified so that the success is listed as null since it's not known whether or not the authentication was successful. It can be inferred from continued SMB analysis though because activity will continue taking place. I changed it though because the log shouldn't assume more than what it sees.	2016-04-13 12:26:07 -04:00
..
__load__.bro	Complete breakout of SMB, GSSAPI, and NTLM	2016-04-03 04:17:20 -04:00
main.bro	Improve NTLM authentication logging.	2016-04-13 12:26:07 -04:00

Seth Hall a176e053ca Improve NTLM authentication logging.

If only one side of a connection was seen, the ntlm.log
would indicate that the authentication failed.  This has been
modified so that the success is listed as null since it's not
known whether or not the authentication was successful.

It can be inferred from continued SMB analysis though because
activity will continue taking place.  I changed it though
because the log shouldn't assume more than what it sees.

2016-04-13 12:26:07 -04:00

__load__.bro

Complete breakout of SMB, GSSAPI, and NTLM

2016-04-03 04:17:20 -04:00

main.bro

Improve NTLM authentication logging.

2016-04-13 12:26:07 -04:00