main.bro¶

Namespace:	NTLM
Imports:	base/frameworks/dpd
Source File:	`/scripts/base/protocols/ntlm/main.bro`

Summary¶

NTLM::Info: record

`DPD::ignore_violations`: `set` `&redef`
`Log::ID`: `enum`
`connection`: `record`

NTLM::Info¶

Type:

Type:	`record` ts: `time` `&log` Timestamp for when the event happened. uid: `string` `&log` Unique ID for the connection. id: `conn_id` `&log` The connection’s 4-tuple of endpoint addresses/ports. username: `string` `&log` `&optional` Username given by the client. hostname: `string` `&log` `&optional` Hostname given by the client. domainname: `string` `&log` `&optional` Domainname given by the client. server_nb_computer_name: `string` `&log` `&optional` NetBIOS name given by the server in a CHALLENGE. server_dns_computer_name: `string` `&log` `&optional` DNS name given by the server in a CHALLENGE. server_tree_name: `string` `&log` `&optional` Tree name given by the server in a CHALLENGE. success: `bool` `&log` `&optional` Indicate whether or not the authentication was successful. done: `bool` `&default` = `F` `&optional` Internally used field to indicate if the login attempt has already been logged.

ts: time &log: Timestamp for when the event happened.
uid: string &log: Unique ID for the connection.
id: conn_id &log: The connection’s 4-tuple of endpoint addresses/ports.
username: string &log &optional: Username given by the client.
hostname: string &log &optional: Hostname given by the client.
domainname: string &log &optional: Domainname given by the client.
server_nb_computer_name: string &log &optional: NetBIOS name given by the server in a CHALLENGE.
server_dns_computer_name: string &log &optional: DNS name given by the server in a CHALLENGE.
server_tree_name: string &log &optional: Tree name given by the server in a CHALLENGE.
success: bool &log &optional: Indicate whether or not the authentication was successful.
done: bool &default = F &optional: Internally used field to indicate if the login attempt has already been logged.