Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek

Browse source 
* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek:
  Add NEWS entry for generic packet thresholds
  Allow for multiple generic packet thresholds
  Add btest for conn_generic_packet_threshold_crossed event
  Update dump-events btest baseline
  Add conn_generic_packet_threshold_crossed event
This commit is contained in:
Arne Welzel 2025-07-08 17:53:56 +02:00
commit 0c60f2a70a
11 changed files with 140 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/init-bare.zeek
View file

@ -6379,6 +6379,18 @@ export {
};
}
module ConnThreshold;
export {
## Number of packets required to be observed on any IP-based session to
## trigger :zeek:id:`conn_generic_packet_threshold_crossed`. Note that the
## thresholds refers to the total number of packets transferred in both
## directions.
##
## .. zeek:see:: conn_generic_packet_threshold_crossed
const generic_packet_thresholds: set[count] = {} &redef;
}
module GLOBAL;
@load base/bif/event.bif