[IntelMQ-dev] RFC: scan_msrpc report
Kamil Mankowski
mankowski at cert.at
Tue Dec 3 09:37:50 CET 2024
Based on the documentation:
"The [major].[minor] version of the MSRPC protocol",
do maybe let's call it "extra.msrpc_version"?
Best regards
// Kamil Mańkowski <mankowski at cert.at> - T: +43 676 898 298 7204
// CERT Austria - https://www.cert.at/
// CERT.at GmbH, FB-Nr. 561772k, HG Wien
On 12/3/24 09:33, Sebix wrote:
> Good morning
>
> On 12/2/24 8:36 PM, elsif wrote:
>> [
>> "extra.",
>> "version",
>> "validate_to_none"
>> ],
>
> What "version" is this?
>
> The version of the event specification?
> The version of the feed?
> The server version of RPC?
> The RPC protocol version?
>
> If I'd read just "extra.version" in the event data either as data
> receiver or operator, I'd have no idea what version is meant here.
>
> best regards
> Sebastian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20241203/773eb18c/attachment.sig>
More information about the IntelMQ-dev
mailing list