Hi all,
Could anyone provide more information about the changes being made to DNS, RDP and SMB analyzers in the shift to Zeek 3.0?
Are there new fields being added?
If anyone has tried it out and has any insight it would be appreciated.
I won’t get a chance to test 3.0 out myself for a few weeks, so I’m hoping to have an idea of what to expect when making the switch.
Any information would be greatly appreciated,
Thanks!
Could anyone provide more information about the changes being made to DNS, RDP and SMB analyzers in the shift to Zeek 3.0?
I'd suggest reading the NEWS file, which calls out all the most
important additions/changes:
To summarize what I see for those specific analyzers:
* DNS added events for SPF and DNSSEC resource records
* RDP added new events and a "client_channels" field in the rdp.log
* SMB adds support for some 3.x features (new event and new fields in
the `SMB2::NegotiateResponse` record)
- Jon