Eight DCERPC interfaces called some type of RPC service, but only 4b324fc8-1670-01d3-1278-5a47bf6ee188 led to branching in the tree.
The branches found inform the network administrator that the 4b324fc8-1670-01d3-1278-5a47bf6ee188 DCERPC interface is used by two different transfer syntaxes aimed at exploring the same vulnerabilities.
Snort was chosen because it is capable of processing DCERPC information, the main type of information available in the datasets.
The analysis of the four datasets revealed similarities in the branching of the decision trees, sometimes changing only the target class or the leaf of a tree and, in other cases, the DCERPC connection interface.
DCERPC interface (attribute dcerpcbind_uuid): 4b324fc8-1670-01d3-1278-5a47bf6ee188;
dce_opnum: 32,15: Information obtained by researching the DCERPC interface, the transfer syntax, the service used, and the call to the service used.