[Bro-Dev] [JIRA] (BIT-1369) Kerberos Analyzer

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Tue Apr 21 10:10:01 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20413#comment-20413 ] 

Vlad Grigorescu commented on BIT-1369:
--------------------------------------

I tweaked the kinit btest to print output for one of the other events, and I added another btest that tests the TGS events.

I couldn't find a good way to generate the other events in my test environment - I've often seen them in Microsoft AD environments, and not in the MIT or Heimdal implementations.

Of the untested events, ```krb_ap_response``` and ```krb_priv``` only have the connection information; ```krb_cred``` and ```krb_safe``` are rarely seen. I'll keep thinking of a way to test those, but I don't think that should be a blocker.

> Kerberos Analyzer
> -----------------
>
>                 Key: BIT-1369
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1369
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Vlad Grigorescu
>            Assignee: Robin Sommer
>             Fix For: 2.4
>
>
> topic/vladg/kerberos has a Kerberos analyzer.



--
This message was sent by Atlassian JIRA
(v6.5-OD-01-120#65000)

