Suricata NTLM protocol detection

atbohmer · June 4, 2024, 3:11pm

Hello,

Guess having a brain short circuit moment, but I had the idea suricata also detects ntlm version as a seperate protocol like tls, smb ?

Cheers
Proud suricata beta 8 user

Andreas_Herz · July 31, 2024, 8:55pm

Currently not, there is no dedicated NTLM parser but NTLM related parts in smb.

Topic		Replies	Views
Suricata as a NSM Help	12	1674	July 21, 2023
Suricata port agnostic protocol detection at higher speed 100+Gbps	5	201	April 16, 2024
Does Suricata detect non-decapsulated VXLAN traffic? Help	0	415	April 26, 2021
🔴 Hands-On Session: Detect Lateral Movement in Microsoft Environment with Suricata (Part 1) Announcements webinar	0	963	April 19, 2022
Hands-On Session: Detecting Lateral Movement in Microsoft Environments (Part 2) Announcements community , webinar , suricata	1	1112	October 3, 2022