base/bif/plugins/Bro_RDP.events.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_RDP.events.bif.bro |
Summary¶
Events¶
rdp_begin_encryption: event |
Generated when an RDP session becomes encrypted. |
rdp_client_core_data: event |
Generated for MCS client requests. |
rdp_connect_request: event |
Generated for X.224 client requests. |
rdp_gcc_server_create_response: event |
Generated for MCS server responses. |
rdp_negotiation_failure: event |
Generated for RDP Negotiation Failure messages. |
rdp_negotiation_response: event |
Generated for RDP Negotiation Response messages. |
rdp_server_certificate: event |
Generated for a server certificate section. |
rdp_server_security: event |
Generated for MCS server responses. |
Detailed Interface¶
Events¶
-
rdp_begin_encryption¶ Type: event(c:connection, security_protocol:count)Generated when an RDP session becomes encrypted.
C: The connection record for the underlying transport-layer session/flow. Security_protocol: The security protocol being used for the session.
-
rdp_client_core_data¶ Type: event(c:connection, data:RDP::ClientCoreData)Generated for MCS client requests.
C: The connection record for the underlying transport-layer session/flow. Data: The data contained in the client core data structure.
-
rdp_connect_request¶ Type: event(c:connection, cookie:string)Generated for X.224 client requests.
C: The connection record for the underlying transport-layer session/flow. Cookie: The cookie included in the request.
-
rdp_gcc_server_create_response¶ Type: event(c:connection, result:count)Generated for MCS server responses.
C: The connection record for the underlying transport-layer session/flow. Result: The 8-bit integer representing the GCC Conference Create Response result.
-
rdp_negotiation_failure¶ Type: event(c:connection, failure_code:count)Generated for RDP Negotiation Failure messages.
C: The connection record for the underlying transport-layer session/flow. Failure_code: The failure code sent by the server.
-
rdp_negotiation_response¶ Type: event(c:connection, security_protocol:count)Generated for RDP Negotiation Response messages.
C: The connection record for the underlying transport-layer session/flow. Security_protocol: The security protocol selected by the server.
-
rdp_server_certificate¶ Type: event(c:connection, cert_type:count, permanently_issued:bool)Generated for a server certificate section. If multiple X.509 certificates are included in chain, this event will still only be generated a single time.
C: The connection record for the underlying transport-layer session/flow. Cert_type: Indicates the type of certificate. Permanently_issued: Value will be true is the certificate(s) is permanent on the server.
-
rdp_server_security¶ Type: event(c:connection, encryption_method:count, encryption_level:count)Generated for MCS server responses.
C: The connection record for the underlying transport-layer session/flow. Encryption_method: The 32-bit integer representing the encryption method used in the connection. Encryption_level: The 32-bit integer representing the encryption level used in the connection.
Copyright 2016, The Bro Project.
Last updated on December 19, 2018.
Created using Sphinx 1.8.2.