base/protocols/ldap/spicy-events.zeek

Events generated by the LDAP analyzer.

See RFC4511.

Summary

Events

LDAP::bind_request: event

Event generated for each LDAPMessage containing a BindRequest.

LDAP::message: event

Event generated for each LDAPMessage (either direction).

LDAP::search_request: event

Event generated for each LDAPMessage containing a SearchRequest.

LDAP::search_result_entry: event

Event generated for each SearchResultEntry in LDAP messages.

Detailed Interface

Events

LDAP::bind_request
Type

event (c: connection, message_id: int, version: int, name: string, auth_type: LDAP::BindAuthType, auth_info: string)

Event generated for each LDAPMessage containing a BindRequest.

Parameters
  • c – The connection.

  • message_id – The messageID element.

  • version – The version field in the BindRequest.

  • name – The name field in the BindRequest.

  • auth_type – The auth type field in the BindRequest.

  • auth_info – Additional information related to the used auth type.

LDAP::message
Type

event (c: connection, message_id: int, opcode: LDAP::ProtocolOpcode, result: LDAP::ResultCode, matched_dn: string, diagnostic_message: string, object: string, argument: string)

Event generated for each LDAPMessage (either direction).

Parameters
  • c – The connection.

  • message_id – The messageID element.

  • opcode – The protocolOp field in the message.

  • result – The result code if the message contains a result.

  • matched_dn – The DN if the message contains a result.

  • diagnostic_message – Diagnostic message if the LDAP message contains a result.

  • object – The object name this message refers to.

  • argument – Additional arguments this message includes.

LDAP::search_request
Type

event (c: connection, message_id: int, base_object: string, scope: LDAP::SearchScope, deref: LDAP::SearchDerefAlias, size_limit: int, time_limit: int, types_only: bool, filter: string, attributes: vector of string)

Event generated for each LDAPMessage containing a SearchRequest.

Parameters
  • c – The connection.

  • message_id – The messageID element.

  • base_object – The baseObject field in the SearchRequest.

  • scope – The scope field in the SearchRequest.

  • deref – The derefAlias field in the SearchRequest.

  • size_limit – The sizeLimit field in the SearchRequest.

  • time_limit – The timeLimit field in the SearchRequest.

  • types_only – The typesOnly field in the SearchRequest.

  • filter – The string representation of the filter field in the SearchRequest.

  • attributes – Additional attributes of the SearchRequest.

LDAP::search_result_entry
Type

event (c: connection, message_id: int, object_name: string)

Event generated for each SearchResultEntry in LDAP messages.

Parameters
  • c – The connection.

  • message_id – The messageID element.

  • object_name – The object name in the SearchResultEntry.
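
The following script is an added example, not code from the Zeek distribution. It uses the shared message_id to pair each LDAP::search_request with its LDAP::search_result_entry events and raises a notice when a single search returns many entries, a common sign of bulk directory enumeration. The module name LDAPWatch, the notice type, the threshold value and the state table are assumptions made for this example.

```zeek
@load base/frameworks/notice
@load base/protocols/ldap

module LDAPWatch;

export {
	# Notice type defined for this example only.
	redef enum Notice::Type += { LDAP_Large_Search_Result };

	## Entries returned by one search before a notice is raised (assumed value).
	option entry_threshold: count = 1000;
}

type SearchState: record {
	base_object: string;
	filter: string;
	entries: count &default=0;
};

# Keyed by connection uid and LDAP messageID; state expires on its own
# so abandoned searches do not accumulate.
global searches: table[string, int] of SearchState &create_expire=10min;

event LDAP::search_request(c: connection, message_id: int, base_object: string,
                           scope: LDAP::SearchScope, deref: LDAP::SearchDerefAlias,
                           size_limit: int, time_limit: int, types_only: bool,
                           filter: string, attributes: vector of string)
	{
	searches[c$uid, message_id] = SearchState($base_object=base_object, $filter=filter);
	}

event LDAP::search_result_entry(c: connection, message_id: int, object_name: string)
	{
	# Ignore entries whose request was not seen (e.g. capture started mid-session).
	if ( [c$uid, message_id] !in searches )
		return;

	# Records are references, so this updates the table entry in place.
	local s = searches[c$uid, message_id];
	++s$entries;

	# Fire once, exactly when the threshold is reached.
	if ( s$entries == entry_threshold )
		NOTICE([$note=LDAP_Large_Search_Result, $conn=c,
		        $msg=fmt("LDAP search returned at least %d entries", entry_threshold),
		        $sub=fmt("base=%s filter=%s", s$base_object, s$filter)]);
	}
```

Tune entry_threshold to the directory's size, since backup, sync and address-book clients can legitimately return large result sets.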