base/bif/plugins/Bro_RDP.events.bif.bro
- GLOBAL
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_RDP.events.bif.bro |
Summary
Events
| rdp_begin_encryption: event | Generated when an RDP session becomes encrypted. |
| rdp_client_core_data: event | Generated for MCS client requests. |
| rdp_connect_request: event | Generated for X.224 client requests. |
| rdp_gcc_server_create_response: event | Generated for MCS server responses. |
| rdp_negotiation_failure: event | Generated for RDP Negotiation Failure messages. |
| rdp_negotiation_response: event | Generated for RDP Negotiation Response messages. |
| rdp_server_certificate: event | Generated for a server certificate section. |
| rdp_server_security: event | Generated for MCS server responses. |
Detailed Interface
Events
- rdp_begin_encryption
Type : event (c: connection, security_protocol: count) Generated when an RDP session becomes encrypted.
C : The connection record for the underlying transport-layer session/flow. Security_protocol : The security protocol being used for the session.
- rdp_client_core_data
Type : event (c: connection, data: RDP::ClientCoreData) Generated for MCS client requests.
C : The connection record for the underlying transport-layer session/flow. Data : The data contained in the client core data structure.
- rdp_connect_request
Type : event (c: connection, cookie: string) Generated for X.224 client requests.
C : The connection record for the underlying transport-layer session/flow. Cookie : The cookie included in the request.
- rdp_gcc_server_create_response
Type : event (c: connection, result: count) Generated for MCS server responses.
C : The connection record for the underlying transport-layer session/flow. Result : The 8-bit integer representing the GCC Conference Create Response result.
- rdp_negotiation_failure
Type : event (c: connection, failure_code: count) Generated for RDP Negotiation Failure messages.
C : The connection record for the underlying transport-layer session/flow. Failure_code : The failure code sent by the server.
- rdp_negotiation_response
Type : event (c: connection, security_protocol: count) Generated for RDP Negotiation Response messages.
C : The connection record for the underlying transport-layer session/flow. Security_protocol : The security protocol selected by the server.
- rdp_server_certificate
Type : event (c: connection, cert_type: count, permanently_issued: bool) Generated for a server certificate section. If multiple X.509 certificates are included in chain, this event will still only be generated a single time.
C : The connection record for the underlying transport-layer session/flow. Cert_type : Indicates the type of certificate. Permanently_issued : Value will be true is the certificate(s) is permanent on the server.
- rdp_server_security
Type : event (c: connection, encryption_method: count, encryption_level: count) Generated for MCS server responses.
C : The connection record for the underlying transport-layer session/flow. Encryption_method : The 32-bit integer representing the encryption method used in the connection. Encryption_level : The 32-bit integer representing the encryption level used in the connection.
Copyright 2013, The Bro Project.
Last updated on September 01, 2016.
Created using Sphinx 1.1.3.