Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect: add keywords for LDAPDN - v4 #12620

Closed
wants to merge 5 commits into from
Closed

detect: add keywords for LDAPDN - v4 #12620

wants to merge 5 commits into from

Conversation

AkakiAlice
Copy link
Contributor

@AkakiAlice AkakiAlice commented Feb 19, 2025
edited
Loading

Ticket: #7471

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7471

Description:

  • Implement keywords ldap.request.dn and ldap.responses.dn

Changes:

  • Resolve documentation nits
  • Create 2 commits to resolve nits in the LDAP keyword documentation from previous PR

SV_BRANCH=OISF/suricata-verify#2303
Previous PR: #12556

@AkakiAlice
misc: fix name prefix in detect register functions
2cfeaa8
@AkakiAlice
nit: replace 'eve' with 'EVE' in the LDAP keywords documentation
8c9eb77
@AkakiAlice
nit: use the ldap protocol in rule examples in the LDAP keywords docu…
3bc642d 
…mentation
@AkakiAlice
detect: add ldap.request.dn
621b109 
ldap.request.dn matches on LDAPDN from request operations
This keyword maps the following eve fields:
ldap.request.bind_request.name
ldap.request.add_request.entry
ldap.request.search_request.base_object
ldap.request.modify_request.object
ldap.request.del_request.dn
ldap.request.mod_dn_request.entry
ldap.request.compare_request.entry
It is a sticky buffer
Supports prefiltering

Ticket: OISF#7471
@AkakiAlice
detect: add ldap.responses.dn
d623e26 
ldap.responses.dn matches on LDAPDN from responses operations
This keyword maps the following eve fields:
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn
It is a sticky buffer
Supports prefiltering

Ticket: OISF#7471
This was referenced Feb 19, 2025
Closed
Closed
Closed
@AkakiAlice
Copy link
Contributor Author

Comment updated with rebased SV_BRANCH

@inashivb inashivb added the needs rebase Needs rebase to master label Feb 19, 2025
@victorjulien
Copy link
Member

CI is red, any idea why?

@catenacyber
Copy link
Contributor

nit: commits should be doc:

@catenacyber
Copy link
Contributor

catenacyber commented Feb 19, 2025
edited
Loading

CI is red, any idea why?

Old SV branch was used

catenacyber
catenacyber reviewed Feb 19, 2025
View reviewed changes
doc/userguide/suricatactl-filestore.1
@@ -0,0 +1,94 @@
.\" Man page generated from reStructuredText.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should not have added these files

catenacyber
catenacyber requested changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some git left over and commit to reword ;-)

@AkakiAlice AkakiAlice mentioned this pull request Feb 19, 2025
Closed
5 tasks
@AkakiAlice AkakiAlice closed this Feb 19, 2025
@AkakiAlice
Copy link
Contributor Author

Replaced by: #12634

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber requested changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
needs rebase Needs rebase to master
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AkakiAlice @victorjulien @catenacyber @inashivb