# This file was automatically generated by bifcl from /Users/jon/tmp/bro-2.5.5/src/analyzer/protocol/rdp/events.bif (plugin mode).

## Generated for X.224 client requests.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## cookie: The cookie included in the request.
export {
global rdp_connect_request: event(c: connection , cookie: string );


## Generated for RDP Negotiation Response messages.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## security_protocol: The security protocol selected by the server.
global rdp_negotiation_response: event(c: connection , security_protocol: count );


## Generated for RDP Negotiation Failure messages.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## failure_code: The failure code sent by the server.
global rdp_negotiation_failure: event(c: connection , failure_code: count );


## Generated for MCS client requests.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## data: The data contained in the client core data structure.
global rdp_client_core_data: event(c: connection , data: RDP::ClientCoreData );


## Generated for MCS server responses.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## result: The 8-bit integer representing the GCC Conference Create Response result.
global rdp_gcc_server_create_response: event(c: connection , result: count );


## Generated for MCS server responses.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## encryption_method: The 32-bit integer representing the encryption method used in the connection.
##
## encryption_level: The 32-bit integer representing the encryption level used in the connection.
global rdp_server_security: event(c: connection , encryption_method: count , encryption_level: count );


## Generated for a server certificate section.  If multiple X.509 
## certificates are included in chain, this event will still
## only be generated a single time.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## cert_type: Indicates the type of certificate.
##
## permanently_issued: Value will be true is the certificate(s) is permanent on the server.
global rdp_server_certificate: event(c: connection , cert_type: count , permanently_issued: bool );


## Generated when an RDP session becomes encrypted.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## security_protocol: The security protocol being used for the session.
global rdp_begin_encryption: event(c: connection , security_protocol: count );
} # end of export section
module GLOBAL;