:tocdepth: 3

base/bif/plugins/Bro_DCE_RPC.events.bif.bro
===========================================
.. bro:namespace:: GLOBAL


:Namespace: GLOBAL
:Source File: :download:`/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro`

Summary
~~~~~~~
Events
######
============================================= ========================================================================================================================
:bro:id:`dce_rpc_bind`: :bro:type:`event`     Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request message.
:bro:id:`dce_rpc_bind_ack`: :bro:type:`event` Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request ack message.
:bro:id:`dce_rpc_message`: :bro:type:`event`  Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` message.
:bro:id:`dce_rpc_request`: :bro:type:`event`  Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message.
:bro:id:`dce_rpc_response`: :bro:type:`event` Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message.
============================================= ========================================================================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. bro:id:: dce_rpc_bind

   :Type: :bro:type:`event` (c: :bro:type:`connection`, fid: :bro:type:`count`, uuid: :bro:type:`string`, ver_major: :bro:type:`count`, ver_minor: :bro:type:`count`)

   Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request message.
   Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur 
   multiple times for a single RPC message.
   

   :c: The connection.
   

   :fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
        message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
        not transported over a pipe.
   

   :uuid: The string interpretted uuid of the endpoint being requested.
   

   :ver_major: The major version of the endpoint being requested.
   

   :ver_minor: The minor version of the endpoint being requested.
   
   .. bro:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response

.. bro:id:: dce_rpc_bind_ack

   :Type: :bro:type:`event` (c: :bro:type:`connection`, fid: :bro:type:`count`, sec_addr: :bro:type:`string`)

   Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request ack message.
   

   :c: The connection.
   

   :fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
        message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
        not transported over a pipe.
   

   :sec_addr: Secondary address for the ack.
   
   .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response

.. bro:id:: dce_rpc_message

   :Type: :bro:type:`event` (c: :bro:type:`connection`, is_orig: :bro:type:`bool`, fid: :bro:type:`count`, ptype_id: :bro:type:`count`, ptype: :bro:type:`DCE_RPC::PType`)

   Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` message.
   

   :c: The connection.
   

   :is_orig: True if the message was sent by the originator of the TCP connection.
   

   :fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
        message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
        not transported over a pipe.
   

   :ptype_id: Numeric representation of the procedure type of the message.
   

   :ptype: Enum representation of the prodecure type of the message.
   
   .. bro:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response

.. bro:id:: dce_rpc_request

   :Type: :bro:type:`event` (c: :bro:type:`connection`, fid: :bro:type:`count`, opnum: :bro:type:`count`, stub_len: :bro:type:`count`)

   Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message.
   

   :c: The connection.
   

   :fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
        message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
        not transported over a pipe.
   

   :opnum: Number of the RPC operation.
   

   :stub_len: Length of the data for the request.
   
   .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response

.. bro:id:: dce_rpc_response

   :Type: :bro:type:`event` (c: :bro:type:`connection`, fid: :bro:type:`count`, opnum: :bro:type:`count`, stub_len: :bro:type:`count`)

   Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message.
   

   :c: The connection.
   

   :fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
        message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
        not transported over a pipe.
   

   :opnum: Number of the RPC operation.
   

   :stub_len: Length of the data for the response.
   
   .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request


