[Bro] rdp.log result column
Josh Liburdi
liburdi.joshua at gmail.com
Fri Jul 1 06:32:40 PDT 2016

Success means that the RDP server successfully accepted the RDP client's
setup parameters. (Note that it doesn't mean the RDP connection was
successful.) Encrypted means that the RDP session setup was already
encrypted and the analyzer can't determine the result. IIRC if the result
is encrypted, you will have little to no metadata in the log entry -- maybe
just a cookie value.
Josh
On Fri, Jul 1, 2016 at 9:27 AM, Josh Guild <josh.guild at morphick.com> wrote:
> Hi all,
>
> I have a quick question on the different entries for the "result" column
> in the rdp.log.
>
> What's the difference between an "encrypted" v. "Success RDP" result and
> is there a source with explanations of different results? My Google-Fu is
> failing :)
>
> Any help would be much obliged, thanks!
>
> Josh