mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
f45e057779
- New fields for certificate type, number of certificates, if certificates are permanent on the server, and the selected security protocol. - Fixed some issues with X.509 certificate handling over RDP (the event handler wasn't sufficiently constrained). - Better detection of and transition into encrypted mode. No more binpac parse failures from the test traces anymore! - Some event name clean up and new events. - X.509 Certificate chains are now handled correctly (was only grabbing a single certificate).
11 lines
869 B
Text
11 lines
869 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path rdp
|
|
#open 2015-03-05-06-05-01
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method
|
|
#types time string addr port addr port string string string string string string count count string string count bool string string string
|
|
1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - 0 - - - -
|
|
1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 Success English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T RDP High 128bit
|
|
#close 2015-03-05-06-05-01
|