base/protocols/ntlm/main.bro

NTLM
Namespace:NTLM
Imports:base/frameworks/dpd, base/protocols/smb
Source File:/scripts/base/protocols/ntlm/main.bro

Summary

Options

NTLM::auth_failure_statuses: set &redef DOS and NT status codes that indicate authentication failure.

Types

NTLM::Info: record  

Detailed Interface

Options

NTLM::auth_failure_statuses
Type:set [count]
Attributes:&redef
Default:
{
   3221225581,
   3221225585,
   86900737,
   3221225584,
   3221225578,
   3221225586,
   146800642,
   146866178,
   146931714,
   3221225506,
   3221225569,
   3221225583
}

DOS and NT status codes that indicate authentication failure.

Types

NTLM::Info
Type:

record

ts: time &log

Timestamp for when the event happened.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

username: string &log &optional

Username given by the client.

hostname: string &log &optional

Hostname given by the client.

domainname: string &log &optional

Domainname given by the client.

success: bool &log &optional

Indicate whether or not the authentication was successful.

status: string &log &optional

A string representation of the status code that was returned in response to the authentication attempt.

done: bool &default = F &optional

Internally used field to indicate if the login attempt has already been logged.


Copyright 2016, The Bro Project. Last updated on October 16, 2017. Created using Sphinx 1.5.2.