...
index="winevent_dc_index" source="wineventlog:directory service" EventCode="2889"
| rex field=_raw "(?ms)Binding\s+Type:\s+(?<typeBind>\d)"
| table _time, host, EventCode, ClientIdentity, ClientIPAddress, typeBind
Truth Tables
Build notes | Bind | Signing | Certificate | Encryption | Result | |
---|---|---|---|---|---|---|
10.14.6 | USB installer | |||||
10.15.2 | USB installer | |||||
Wireshark - SASL bind behavior
...