Add documentation for NtlmRawEvent

Closes #976
aicers · Feb 19, 2025 · 204da38 · 204da38
1 parent 1c3ecb6
commit 204da38
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -64,6 +64,7 @@ Versioning](https://semver.org/spec/v2.0.0.html).
   - `bootpRawEvents`
   - `dceRpcRawEvents`
   - `rdpRawEvents`
+  - `ntlmRawEvents`
 - `log_dir` is no longer a configuration item. To specify the log directory, it
   is required to use an optional command-line argument `log-dir`.
 - Logging behavior related to command line arguemtn `log-dir` is as follows:

diff --git a/src/graphql/client/schema/schema.graphql b/src/graphql/client/schema/schema.graphql
@@ -1348,18 +1348,46 @@ type NfsRawEventEdge {
   cursor: String!
 }
 
+# Represents an event extracted from the NTLM protocol.
 type NtlmRawEvent {
+  # Start Time
   time: DateTime!
+
+  # Source IP Address
   origAddr: String!
+
+  # Source Port Number
   origPort: Int!
+
+  # Destination IP Address
   respAddr: String!
+
+  # Destination Port Number
   respPort: Int!
+
+  # Protocol Number
+  #
+  # TCP is 6, and UDP is 17.
   proto: Int!
+
+  # End Time
+  #
+  # It is measured in nanoseconds.
   lastTime: StringNumberI64!
+
+  # Username
   username: String!
+
+  # Hostname
   hostname: String!
+
+  # Domain Name
   domainname: String!
+
+  # Authentication Success
   success: String!
+
+  # Transport Protocol
   protocol: String!
 }
 

diff --git a/src/graphql/network.rs b/src/graphql/network.rs
@@ -343,20 +343,37 @@ struct SmtpRawEvent {
     state: String,
 }
 
+/// Represents an event extracted from the NTLM protocol.
 #[derive(SimpleObject, Debug, ConvertGraphQLEdgesNode)]
 #[graphql_client_type(names = [ntlm_raw_events::NtlmRawEventsNtlmRawEventsEdgesNode, network_raw_events::NetworkRawEventsNetworkRawEventsEdgesNodeOnNtlmRawEvent])]
 struct NtlmRawEvent {
+    /// Start Time
     time: DateTime<Utc>,
+    /// Source IP Address
     orig_addr: String,
+    /// Source Port Number
     orig_port: u16,
+    /// Destination IP Address
     resp_addr: String,
+    /// Destination Port Number
     resp_port: u16,
+    /// Protocol Number
+    ///
+    /// TCP is 6, and UDP is 17.
     proto: u8,
+    /// End Time
+    ///
+    /// It is measured in nanoseconds.
     last_time: StringNumberI64,
+    /// Username
     username: String,
+    /// Hostname
     hostname: String,
+    /// Domain Name
     domainname: String,
+    /// Authentication Success
     success: String,
+    /// Transport Protocol
     protocol: String,
 }