Capturing active directory authentication

Monah_Baki · May 17, 2016, 11:12am

Hi all,

Our bro sensor is connected to a tap, I would like to capture users Active directory and their IP address for tracking purposes. Is this possible?

Thanks
Monah

Seth_Hall1 · May 18, 2016, 1:30am

It should be in Bro 2.5. There is an SMB analyzer in development that includes an NTLM analyzer.

.Seth

Topic		Replies	Views
LDAP Analyzer Zeek	1	68	May 6, 2022
Looking for a tool detecting abusing IPs Zeek	2	64	May 6, 2022
LDAP Analyzer Zeek	2	98	May 6, 2022
how use scan analyzer ? Zeek	2	45	May 6, 2022
Sanity check - Grabbing platform tokens from browser user agents (was p0f) Zeek	7	47	May 6, 2022