base/protocols/ntlm/main.zeek¶
-
NTLM¶
| Namespace: | NTLM |
|---|---|
| Imports: | base/frameworks/dpd |
Summary¶
Types¶
NTLM::Info: record |
Redefinitions¶
DPD::ignore_violations: set &redef |
|
Log::ID: enum |
|
connection: record |
Detailed Interface¶
Types¶
-
NTLM::Info¶ Type: - ts:
time&log Timestamp for when the event happened.
- uid:
string&log Unique ID for the connection.
- id:
conn_id&log The connection’s 4-tuple of endpoint addresses/ports.
- username:
string&log&optional Username given by the client.
- hostname:
string&log&optional Hostname given by the client.
- domainname:
string&log&optional Domainname given by the client.
- server_nb_computer_name:
string&log&optional NetBIOS name given by the server in a CHALLENGE.
- server_dns_computer_name:
string&log&optional DNS name given by the server in a CHALLENGE.
- server_tree_name:
string&log&optional Tree name given by the server in a CHALLENGE.
- success:
bool&log&optional Indicate whether or not the authentication was successful.
- done:
bool&default=F&optional Internally used field to indicate if the login attempt has already been logged.
- ts: