Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-01 22:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek

Browse source 
* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek:
  Add NEWS entry for generic packet thresholds
  Allow for multiple generic packet thresholds
  Add btest for conn_generic_packet_threshold_crossed event
  Update dump-events btest baseline
  Add conn_generic_packet_threshold_crossed event
This commit is contained in:
Arne Welzel 2025-07-08 17:53:56 +02:00
commit 0c60f2a70a
11 changed files with 140 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
NEWS
View file

@ -218,6 +218,17 @@ New Functionality
get_tags_by_category("ANALYZER");
- A new ``conn_generic_packet_threshold_crossed`` event was introduced. The event triggers
for any IP-based session that reaches a given threshold. Multiple packet thresholds can
be defined in ``ConnThreshold::generic_packet_thresholds``. The generic thresholds refer
to the total number of packets on a connection without taking direction into account
(i.e. the event also triggers on one-sided connections).
The event is intended as an alternative to the ``new_connection`` event that allows for
ignoring short-lived connections like DNS or scans. For example, it can be used to set
up traditional connection monitoring without introducing overhead for connections that
would never reach a larger threshold anyway.
Changed Functionality
---------------------