base/protocols/ntlm/main.zeek

NTLM

| Namespace: | NTLM |
|---|---|
| Imports: | base/frameworks/dpd |
Summary
Types
NTLM::Info : record
Redefinitions
DPD::ignore_violations : set &redef
Log::ID : enum
connection : record
Detailed Interface
Types
NTLM::Info
Type: record

- ts: time &log
  Timestamp for when the event happened.
- uid: string &log
  Unique ID for the connection.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- username: string &log &optional
  Username given by the client.
- hostname: string &log &optional
  Hostname given by the client.
- domainname: string &log &optional
  Domainname given by the client.
- server_nb_computer_name: string &log &optional
  NetBIOS name given by the server in a CHALLENGE.
- server_dns_computer_name: string &log &optional
  DNS name given by the server in a CHALLENGE.
- server_tree_name: string &log &optional
  Tree name given by the server in a CHALLENGE.
- success: bool &log &optional
  Indicate whether or not the authentication was successful.
- done: bool &default=F &optional
  Internally used field to indicate if the login attempt has already been logged.
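
As an added example (not part of the Zeek documentation or of main.zeek): a Python reader for NTLM::Info records as Zeek's JSON log writer emits them, listing source addresses whose NTLM logins failed for several distinct accounts. The sample records, the function name `spray_candidates` and the threshold are constructed for illustration; it assumes JSON output, where `id` is flattened to `id.orig_h` and so on, and unset `&optional` fields are simply absent.

```python
import json
from collections import defaultdict

# Constructed sample records (not real traffic). Only &log fields appear;
# the internal `done` field has no &log attribute and is never written.
SAMPLE_NTLM_LOG = """\
{"ts":1700000000.1,"uid":"CAAA01","id.orig_h":"10.0.0.5","id.orig_p":50001,"id.resp_h":"10.0.0.10","id.resp_p":445,"username":"alice","hostname":"WS01","domainname":"CORP","success":false}
{"ts":1700000001.2,"uid":"CAAA02","id.orig_h":"10.0.0.5","id.orig_p":50002,"id.resp_h":"10.0.0.10","id.resp_p":445,"username":"bob","hostname":"WS01","domainname":"CORP","success":false}
{"ts":1700000002.3,"uid":"CAAA03","id.orig_h":"10.0.0.5","id.orig_p":50003,"id.resp_h":"10.0.0.11","id.resp_p":445,"username":"carol","hostname":"WS01","domainname":"CORP","success":false}
{"ts":1700000003.4,"uid":"CAAA04","id.orig_h":"10.0.0.5","id.orig_p":50004,"id.resp_h":"10.0.0.11","id.resp_p":445,"username":"ALICE","hostname":"WS01","domainname":"corp","success":false}
{"ts":1700000004.5,"uid":"CAAA05","id.orig_h":"10.0.0.7","id.orig_p":50005,"id.resp_h":"10.0.0.10","id.resp_p":445,"username":"dave","hostname":"WS02","domainname":"CORP","success":false}
{"ts":1700000005.6,"uid":"CAAA06","id.orig_h":"10.0.0.7","id.orig_p":50006,"id.resp_h":"10.0.0.10","id.resp_p":445,"username":"dave","hostname":"WS02","domainname":"CORP","success":true}
{"ts":1700000006.7,"uid":"CAAA07","id.orig_h":"10.0.0.9","id.orig_p":50007,"id.resp_h":"10.0.0.10","id.resp_p":445,"server_nb_computer_name":"FS01"}
"""

def spray_candidates(log_text, min_users=3):
    """Return (flagged, undetermined).

    flagged: {source address: sorted accounts} for sources whose failed
    logins span at least `min_users` distinct accounts.
    undetermined: count of records with no `success` value at all.
    """
    failed = defaultdict(set)
    undetermined = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rec = json.loads(line)
        success = rec.get("success")  # &optional: absent when no outcome was seen
        if success is None:
            undetermined += 1         # do not count an unknown outcome as a failure
            continue
        user = rec.get("username")    # &optional as well
        if success or user is None:
            continue
        # Account names are case-insensitive, so normalise before deduplicating.
        account = f"{rec.get('domainname', '')}\\{user}".lower()
        failed[rec["id.orig_h"]].add(account)
    flagged = {src: sorted(a) for src, a in failed.items() if len(a) >= min_users}
    return flagged, undetermined

if __name__ == "__main__":
    print(spray_candidates(SAMPLE_NTLM_LOG))
```
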
- ts: