Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/doc/scripts/base/bif/plugins/Bro_RDP.events.bif.bro.rst
Jon Siwek 7e9d48f532 Remove broxygen Sphinx integration 
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
2018-12-18 10:15:22 -06:00

134 lines
4.2 KiB
ReStructuredText
Raw Blame History

:tocdepth: 3
base/bif/plugins/Bro_RDP.events.bif.bro
=======================================
.. bro:namespace:: GLOBAL
:Namespace: GLOBAL
Summary
~~~~~~~
Events
######
=========================================================== ================================================
:bro:id:`rdp_begin_encryption`: :bro:type:`event` Generated when an RDP session becomes encrypted.
:bro:id:`rdp_client_core_data`: :bro:type:`event` Generated for MCS client requests.
:bro:id:`rdp_connect_request`: :bro:type:`event` Generated for X.224 client requests.
:bro:id:`rdp_gcc_server_create_response`: :bro:type:`event` Generated for MCS server responses.
:bro:id:`rdp_negotiation_failure`: :bro:type:`event` Generated for RDP Negotiation Failure messages.
:bro:id:`rdp_negotiation_response`: :bro:type:`event` Generated for RDP Negotiation Response messages.
:bro:id:`rdp_server_certificate`: :bro:type:`event` Generated for a server certificate section.
:bro:id:`rdp_server_security`: :bro:type:`event` Generated for MCS server responses.
=========================================================== ================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. bro:id:: rdp_begin_encryption
:Type: :bro:type:`event` (c: :bro:type:`connection`, security_protocol: :bro:type:`count`)
Generated when an RDP session becomes encrypted.
:c: The connection record for the underlying transport-layer session/flow.
:security_protocol: The security protocol being used for the session.
.. bro:id:: rdp_client_core_data
:Type: :bro:type:`event` (c: :bro:type:`connection`, data: :bro:type:`RDP::ClientCoreData`)
Generated for MCS client requests.
:c: The connection record for the underlying transport-layer session/flow.
:data: The data contained in the client core data structure.
.. bro:id:: rdp_connect_request
:Type: :bro:type:`event` (c: :bro:type:`connection`, cookie: :bro:type:`string`)
Generated for X.224 client requests.
:c: The connection record for the underlying transport-layer session/flow.
:cookie: The cookie included in the request.
.. bro:id:: rdp_gcc_server_create_response
:Type: :bro:type:`event` (c: :bro:type:`connection`, result: :bro:type:`count`)
Generated for MCS server responses.
:c: The connection record for the underlying transport-layer session/flow.
:result: The 8-bit integer representing the GCC Conference Create Response result.
.. bro:id:: rdp_negotiation_failure
:Type: :bro:type:`event` (c: :bro:type:`connection`, failure_code: :bro:type:`count`)
Generated for RDP Negotiation Failure messages.
:c: The connection record for the underlying transport-layer session/flow.
:failure_code: The failure code sent by the server.
.. bro:id:: rdp_negotiation_response
:Type: :bro:type:`event` (c: :bro:type:`connection`, security_protocol: :bro:type:`count`)
Generated for RDP Negotiation Response messages.
:c: The connection record for the underlying transport-layer session/flow.
:security_protocol: The security protocol selected by the server.
.. bro:id:: rdp_server_certificate
:Type: :bro:type:`event` (c: :bro:type:`connection`, cert_type: :bro:type:`count`, permanently_issued: :bro:type:`bool`)
Generated for a server certificate section. If multiple X.509
certificates are included in chain, this event will still
only be generated a single time.
:c: The connection record for the underlying transport-layer session/flow.
:cert_type: Indicates the type of certificate.
:permanently_issued: Value will be true is the certificate(s) is permanent on the server.
.. bro:id:: rdp_server_security
:Type: :bro:type:`event` (c: :bro:type:`connection`, encryption_method: :bro:type:`count`, encryption_level: :bro:type:`count`)
Generated for MCS server responses.
:c: The connection record for the underlying transport-layer session/flow.
:encryption_method: The 32-bit integer representing the encryption method used in the connection.
:encryption_level: The 32-bit integer representing the encryption level used in the connection.
Reference in a new issue View git blame Copy permalink