base/bif/plugins/Bro_RDP.events.bif.bro

GLOBAL
Namespace: GLOBAL
Source File: /scripts/base/bif/plugins/Bro_RDP.events.bif.bro

Summary

Events

rdp_begin_encryption: event Generated when an RDP session becomes encrypted.
rdp_client_core_data: event Generated for MCS client requests.
rdp_connect_request: event Generated for X.224 client requests.
rdp_gcc_server_create_response: event Generated for MCS server responses.
rdp_negotiation_failure: event Generated for RDP Negotiation Failure messages.
rdp_negotiation_response: event Generated for RDP Negotiation Response messages.
rdp_server_certificate: event Generated for a server certificate section.
rdp_server_security: event Generated for MCS server responses.

Detailed Interface

Events

rdp_begin_encryption
Type: event (c: connection, security_protocol: count)

Generated when an RDP session becomes encrypted.

c: The connection record for the underlying transport-layer session/flow.
security_protocol: The security protocol being used for the session.

rdp_client_core_data
Type: event (c: connection, data: RDP::ClientCoreData)

Generated for MCS client requests.

c: The connection record for the underlying transport-layer session/flow.
data: The data contained in the client core data structure.

rdp_connect_request
Type: event (c: connection, cookie: string)

Generated for X.224 client requests.

c: The connection record for the underlying transport-layer session/flow.
cookie: The cookie included in the request.

rdp_gcc_server_create_response
Type: event (c: connection, result: count)

Generated for MCS server responses.

c: The connection record for the underlying transport-layer session/flow.
result: The 8-bit integer representing the GCC Conference Create Response result.

rdp_negotiation_failure
Type: event (c: connection, failure_code: count)

Generated for RDP Negotiation Failure messages.

c: The connection record for the underlying transport-layer session/flow.
failure_code: The failure code sent by the server.

rdp_negotiation_response
Type: event (c: connection, security_protocol: count)

Generated for RDP Negotiation Response messages.

c: The connection record for the underlying transport-layer session/flow.
security_protocol: The security protocol selected by the server.

rdp_server_certificate
Type: event (c: connection, cert_type: count, permanently_issued: bool)

Generated for a server certificate section. If multiple X.509 certificates are included in the chain, this event will still only be generated a single time.

c: The connection record for the underlying transport-layer session/flow.
cert_type: Indicates the type of certificate.
permanently_issued: Value will be true if the certificate(s) is permanent on the server.

rdp_server_security
Type: event (c: connection, encryption_method: count, encryption_level: count)

Generated for MCS server responses.

c: The connection record for the underlying transport-layer session/flow.
encryption_method: The 32-bit integer representing the encryption method used in the connection.
encryption_level: The 32-bit integer representing the encryption level used in the connection.
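The script below is an added example, not code from the Bro distribution. It uses rdp_negotiation_response and rdp_server_security together to raise notices when a server falls back to standard RDP security or uses weak native encryption. The module name RDPAudit, the notice types, the `enhanced` set and the `weak_encryption` helper are hypothetical names chosen for this illustration; the numeric values are taken from the MS-RDPBCGR specification.

```bro
# Added example; RDPAudit and every name defined in it are assumptions.
@load base/frameworks/notice

module RDPAudit;

export {
	redef enum Notice::Type += {
		Legacy_Security,  # server selected standard RDP security
		Weak_Encryption,  # weak or absent native RDP encryption
	};
}

# Values from MS-RDPBCGR.
const PROTOCOL_RDP = 0;                        # standard RDP security, no TLS/CredSSP
const weak_methods: set[count] = { 0, 1, 8 };  # none, 40-bit, 56-bit
const weak_levels: set[count] = { 0, 1 };      # none, low (client-to-server only)

# Connections that negotiated TLS/CredSSP. There, method and level "none"
# are expected in the MCS response and must not be reported as weak.
global enhanced: set[string] &create_expire=5min;

function weak_encryption(method: count, level: count): bool
	{
	return method in weak_methods || level in weak_levels;
	}

event rdp_negotiation_response(c: connection, security_protocol: count)
	{
	if ( security_protocol == PROTOCOL_RDP )
		NOTICE([$note=Legacy_Security, $conn=c,
		        $msg="RDP server selected standard RDP security instead of TLS or CredSSP"]);
	else
		add enhanced[c$uid];
	}

event rdp_server_security(c: connection, encryption_method: count, encryption_level: count)
	{
	if ( c$uid in enhanced )
		return;

	if ( weak_encryption(encryption_method, encryption_level) )
		NOTICE([$note=Weak_Encryption, $conn=c,
		        $msg=fmt("RDP encryption method=%d level=%d", encryption_method, encryption_level)]);
	}
```

A connection with no negotiation response at all is treated as standard RDP security, so its rdp_server_security values are still checked.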

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.