Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Change doc/ subdir into a git submodule

Browse source 
The docs now live at https://github.com/zeek/zeek-docs
This commit is contained in:
Jon Siwek 2019-01-17 14:09:29 -06:00
parent 0d685efbf5
commit 2ff746fea7
693 changed files with 26 additions and 105609 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/scripts/base/files/extract/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/files/extract/__load__.bro
===============================
:Imports: :doc:`base/files/extract/main.bro </scripts/base/files/extract/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

13
doc/scripts/base/files/extract/index.rst
View file

@ -1,13 +0,0 @@
:orphan:
Package: base/files/extract
===========================
Support for extracting files with the file analysis framework.
:doc:`/scripts/base/files/extract/__load__.bro`
:doc:`/scripts/base/files/extract/main.bro`

84
doc/scripts/base/files/extract/main.bro.rst
View file

@ -1,84 +0,0 @@
:tocdepth: 3
base/files/extract/main.bro
===========================
.. bro:namespace:: FileExtract
:Namespace: FileExtract
:Imports: :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`, :doc:`base/utils/paths.bro </scripts/base/utils/paths.bro>`
Summary
~~~~~~~
Runtime Options
###############
========================================================================== ================================================================
:bro:id:`FileExtract::default_limit`: :bro:type:`count` :bro:attr:`&redef` The default max size for extracted files (they won't exceed this
number of bytes).
========================================================================== ================================================================
Redefinable Options
###################
==================================================================== ========================================
:bro:id:`FileExtract::prefix`: :bro:type:`string` :bro:attr:`&redef` The prefix where files are extracted to.
==================================================================== ========================================
Redefinitions
#############
====================================================================== =
:bro:type:`Files::AnalyzerArgs`: :bro:type:`record` :bro:attr:`&redef`
:bro:type:`Files::Info`: :bro:type:`record` :bro:attr:`&redef`
====================================================================== =
Functions
#########
====================================================== =============================================
:bro:id:`FileExtract::set_limit`: :bro:type:`function` Sets the maximum allowed extracted file size.
====================================================== =============================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. bro:id:: FileExtract::default_limit
:Type: :bro:type:`count`
:Attributes: :bro:attr:`&redef`
:Default: ``104857600``
The default max size for extracted files (they won't exceed this
number of bytes). A value of zero means unlimited.
Redefinable Options
###################
.. bro:id:: FileExtract::prefix
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``"./extract_files/"``
The prefix where files are extracted to.
Functions
#########
.. bro:id:: FileExtract::set_limit
:Type: :bro:type:`function` (f: :bro:type:`fa_file`, args: :bro:type:`Files::AnalyzerArgs`, n: :bro:type:`count`) : :bro:type:`bool`
Sets the maximum allowed extracted file size.
:f: A file that's being extracted.
:args: Arguments that identify a file extraction analyzer.
:n: Allowed number of bytes to be extracted.
:returns: false if a file extraction analyzer wasn't active for
the file, else true.

14
doc/scripts/base/files/hash/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/files/hash/__load__.bro
============================
:Imports: :doc:`base/files/hash/main.bro </scripts/base/files/hash/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

13
doc/scripts/base/files/hash/index.rst
View file

@ -1,13 +0,0 @@
:orphan:
Package: base/files/hash
========================
Support for file hashes with the file analysis framework.
:doc:`/scripts/base/files/hash/__load__.bro`
:doc:`/scripts/base/files/hash/main.bro`

22
doc/scripts/base/files/hash/main.bro.rst
View file

@ -1,22 +0,0 @@
:tocdepth: 3
base/files/hash/main.bro
========================
.. bro:namespace:: FileHash
:Namespace: FileHash
:Imports: :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`
Summary
~~~~~~~
Redefinitions
#############
============================================================== =
:bro:type:`Files::Info`: :bro:type:`record` :bro:attr:`&redef`
============================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~

14
doc/scripts/base/files/pe/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/files/pe/__load__.bro
==========================
:Imports: :doc:`base/files/pe/consts.bro </scripts/base/files/pe/consts.bro>`, :doc:`base/files/pe/main.bro </scripts/base/files/pe/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

281
doc/scripts/base/files/pe/consts.bro.rst
View file

@ -1,281 +0,0 @@
:tocdepth: 3
base/files/pe/consts.bro
========================
.. bro:namespace:: PE
:Namespace: PE
Summary
~~~~~~~
Constants
#########
========================================================================================================================== =
:bro:id:`PE::directories`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::dll_characteristics`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::file_characteristics`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::machine_types`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::os_versions`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::section_characteristics`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::section_descs`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:bro:id:`PE::windows_subsystems`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
========================================================================================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Constants
#########
.. bro:id:: PE::directories
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[2] = "Resource Table",
[9] = "TLS Table",
[6] = "Debug",
[11] = "Bound Import",
[14] = "CLR Runtime Header",
[4] = "Certificate Table",
[1] = "Import Table",
[8] = "Global Ptr",
[7] = "Architecture",
[15] = "Reserved",
[5] = "Base Relocation Table",
[10] = "Load Config Table",
[0] = "Export Table",
[3] = "Exception Table",
[12] = "IAT",
[13] = "Delay Import Descriptor"
}
.. bro:id:: PE::dll_characteristics
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[256] = "NX_COMPAT",
[512] = "NO_ISOLATION",
[128] = "FORCE_INTEGRITY",
[2048] = "NO_BIND",
[32768] = "TERMINAL_SERVER_AWARE",
[8192] = "WDM_DRIVER",
[1024] = "NO_SEH",
[64] = "DYNAMIC_BASE"
}
.. bro:id:: PE::file_characteristics
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[2] = "EXECUTABLE_IMAGE",
[4] = "LINE_NUMS_STRIPPED",
[256] = "32BIT_MACHINE",
[512] = "DEBUG_STRIPPED",
[1] = "RELOCS_STRIPPED",
[8] = "LOCAL_SYMS_STRIPPED",
[16384] = "UP_SYSTEM_ONLY",
[32] = "LARGE_ADDRESS_AWARE",
[128] = "BYTES_REVERSED_LO",
[2048] = "NET_RUN_FROM_SWAP",
[32768] = "BYTES_REVERSED_HI",
[8192] = "DLL",
[1024] = "REMOVABLE_RUN_FROM_SWAP",
[4096] = "SYSTEM",
[16] = "AGGRESSIVE_WS_TRIM"
}
.. bro:id:: PE::machine_types
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[496] = "POWERPC",
[870] = "MIPSFPU",
[497] = "POWERPCFP",
[450] = "THUMB",
[512] = "IA64",
[422] = "SH4",
[361] = "WCEMIPSV2",
[3772] = "EBC",
[34404] = "AMD64",
[452] = "ARMNT",
[358] = "R4000",
[448] = "ARM",
[467] = "AM33",
[43620] = "ARM64",
[36929] = "M32R",
[332] = "I386",
[418] = "SH3",
[0] = "UNKNOWN",
[1126] = "MIPSFPU16",
[424] = "SH5",
[419] = "SH3DSP",
[614] = "MIPS16"
}
.. bro:id:: PE::os_versions
:Type: :bro:type:`table` [:bro:type:`count`, :bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[6, 0] = "Windows Vista or Server 2008",
[5, 0] = "Windows 2000",
[6, 1] = "Windows 7 or Server 2008 R2",
[6, 3] = "Windows 8.1 or Server 2012 R2",
[3, 50] = "Windows NT 3.5",
[2, 11] = "Windows 2.11",
[1, 4] = "Windows 1.04",
[1, 0] = "Windows 1.0",
[3, 10] = "Windows 3.1 or NT 3.1",
[2, 10] = "Windows 2.10",
[4, 90] = "Windows Me",
[3, 2] = "Windows 3.2",
[2, 0] = "Windows 2.0",
[4, 10] = "Windows 98",
[3, 51] = "Windows NT 3.51",
[1, 1] = "Windows 1.01",
[5, 1] = "Windows XP",
[10, 0] = "Windows 10",
[3, 0] = "Windows 3.0",
[6, 4] = "Windows 10 Technical Preview",
[6, 2] = "Windows 8 or Server 2012",
[3, 11] = "Windows for Workgroups 3.11",
[4, 0] = "Windows 95 or NT 4.0",
[1, 3] = "Windows 1.03",
[5, 2] = "Windows XP x64 or Server 2003"
}
.. bro:id:: PE::section_characteristics
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[10485760] = "ALIGN_512BYTES",
[14680064] = "ALIGN_8192BYTES",
[16777216] = "LNK_NRELOC_OVFL",
[7340032] = "ALIGN_64BYTES",
[256] = "LNK_OTHER",
[512] = "LNK_INFO",
[131072] = "MEM_16BIT",
[8388608] = "ALIGN_128BYTES",
[33554432] = "MEM_DISCARDABLE",
[8] = "TYPE_NO_PAD",
[12582912] = "ALIGN_2048BYTES",
[536870912] = "MEM_EXECUTE",
[67108864] = "MEM_NOT_CACHED",
[524288] = "MEM_PRELOAD",
[262144] = "MEM_LOCKED",
[32] = "CNT_CODE",
[128] = "CNT_UNINITIALIZED_DATA",
[1048576] = "ALIGN_1BYTES",
[4194304] = "ALIGN_8BYTES",
[2048] = "LNK_REMOVE",
[32768] = "GPREL",
[1073741824] = "MEM_READ",
[2097152] = "ALIGN_2BYTES",
[9437184] = "ALIGN_256BYTES",
[13631488] = "ALIGN_4096BYTES",
[134217728] = "MEM_NOT_PAGED",
[11534336] = "ALIGN_1024BYTES",
[2147483648] = "MEM_WRITE",
[64] = "CNT_INITIALIZED_DATA",
[5242880] = "ALIGN_16BYTES",
[4096] = "LNK_COMDAT",
[268435456] = "MEM_SHARED",
[3145728] = "ALIGN_4BYTES",
[6291456] = "ALIGN_32BYTES"
}
.. bro:id:: PE::section_descs
:Type: :bro:type:`table` [:bro:type:`string`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[".debug$T"] = "Debug types",
[".bss"] = "Uninitialized data",
[".rdata"] = "Read-only initialized data",
[".debug$S"] = "Debug symbols",
[".idlsym"] = "Includes registered SEH to support IDL attributes",
[".tls$"] = "Thread-local storage",
[".sdata"] = "GP-relative initialized data",
[".xdata"] = "Exception information",
[".reloc"] = "Image relocations",
[".srdata"] = "GP-relative read-only data",
[".edata"] = "Export tables",
[".tls"] = "Thread-local storage",
[".pdata"] = "Exception information",
[".debug$F"] = "Generated FPO debug information",
[".drective"] = "Linker options",
[".sbss"] = "GP-relative uninitialized data",
[".idata"] = "Import tables",
[".sxdata"] = "Registered exception handler data",
[".text"] = "Executable code",
[".vsdata"] = "GP-relative initialized data",
[".debug$P"] = "Precompiled debug types",
[".rsrc"] = "Resource directory",
[".cormeta"] = "CLR metadata that indicates that the object file contains managed code",
[".data"] = "Initialized data"
}
.. bro:id:: PE::windows_subsystems
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
:Default:
::
{
[2] = "WINDOWS_GUI",
[9] = "WINDOWS_CE_GUI",
[11] = "EFI_BOOT_SERVICE_DRIVER",
[14] = "XBOX",
[1] = "NATIVE",
[7] = "POSIX_CUI",
[10] = "EFI_APPLICATION",
[0] = "UNKNOWN",
[3] = "WINDOWS_CUI",
[12] = "EFI_RUNTIME_DRIVER",
[13] = "EFI_ROM"
}

16
doc/scripts/base/files/pe/index.rst
View file

@ -1,16 +0,0 @@
:orphan:
Package: base/files/pe
======================
Support for Portable Executable (PE) file analysis.
:doc:`/scripts/base/files/pe/__load__.bro`
:doc:`/scripts/base/files/pe/consts.bro`
:doc:`/scripts/base/files/pe/main.bro`

115
doc/scripts/base/files/pe/main.bro.rst
View file

@ -1,115 +0,0 @@
:tocdepth: 3
base/files/pe/main.bro
======================
.. bro:namespace:: PE
:Namespace: PE
:Imports: :doc:`base/files/pe/consts.bro </scripts/base/files/pe/consts.bro>`
Summary
~~~~~~~
Types
#####
======================================== =
:bro:type:`PE::Info`: :bro:type:`record`
======================================== =
Redefinitions
#############
========================================================== =
:bro:type:`Log::ID`: :bro:type:`enum`
:bro:type:`fa_file`: :bro:type:`record` :bro:attr:`&redef`
========================================================== =
Events
######
======================================= ===================================
:bro:id:`PE::log_pe`: :bro:type:`event` Event for accessing logged records.
======================================= ===================================
Hooks
#####
======================================== ====================================================
:bro:id:`PE::set_file`: :bro:type:`hook` A hook that gets called when we first see a PE file.
======================================== ====================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. bro:type:: PE::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
Current timestamp.
id: :bro:type:`string` :bro:attr:`&log`
File id of this portable executable file.
machine: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
The target machine that the file was compiled for.
compile_ts: :bro:type:`time` :bro:attr:`&log` :bro:attr:`&optional`
The time that the file was created at.
os: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
The required operating system.
subsystem: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
The subsystem that is required to run this file.
is_exe: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
Is the file an executable, or just an object file?
is_64bit: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
Is the file a 64-bit executable?
uses_aslr: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``F`` :bro:attr:`&optional`
Does the file support Address Space Layout Randomization?
uses_dep: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``F`` :bro:attr:`&optional`
Does the file support Data Execution Prevention?
uses_code_integrity: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``F`` :bro:attr:`&optional`
Does the file enforce code integrity checks?
uses_seh: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
Does the file use structured exception handing?
has_import_table: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Does the file have an import table?
has_export_table: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Does the file have an export table?
has_cert_table: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Does the file have an attribute certificate table?
has_debug_data: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Does the file have a debug table?
section_names: :bro:type:`vector` of :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
The names of the sections, in order.
Events
######
.. bro:id:: PE::log_pe
:Type: :bro:type:`event` (rec: :bro:type:`PE::Info`)
Event for accessing logged records.
Hooks
#####
.. bro:id:: PE::set_file
:Type: :bro:type:`hook` (f: :bro:type:`fa_file`) : :bro:type:`bool`
A hook that gets called when we first see a PE file.

14
doc/scripts/base/files/unified2/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/files/unified2/__load__.bro
================================
:Imports: :doc:`base/files/unified2/main.bro </scripts/base/files/unified2/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

13
doc/scripts/base/files/unified2/index.rst
View file

@ -1,13 +0,0 @@
:orphan:
Package: base/files/unified2
============================
Support for Unified2 files in the file analysis framework.
:doc:`/scripts/base/files/unified2/__load__.bro`
:doc:`/scripts/base/files/unified2/main.bro`

166
doc/scripts/base/files/unified2/main.bro.rst
View file

@ -1,166 +0,0 @@
:tocdepth: 3
base/files/unified2/main.bro
============================
.. bro:namespace:: Unified2
:Namespace: Unified2
:Imports: :doc:`base/utils/dir.bro </scripts/base/utils/dir.bro>`, :doc:`base/utils/paths.bro </scripts/base/utils/paths.bro>`
Summary
~~~~~~~
Redefinable Options
###################
================================================================================ =====================================================================
:bro:id:`Unified2::classification_config`: :bro:type:`string` :bro:attr:`&redef` The classification.config file you would like to use for your alerts.
:bro:id:`Unified2::gen_msg`: :bro:type:`string` :bro:attr:`&redef` The gen-msg.map file you would like to use for your alerts.
:bro:id:`Unified2::sid_msg`: :bro:type:`string` :bro:attr:`&redef` The sid-msg.map file you would like to use for your alerts.
:bro:id:`Unified2::watch_dir`: :bro:type:`string` :bro:attr:`&redef` Directory to watch for Unified2 records.
:bro:id:`Unified2::watch_file`: :bro:type:`string` :bro:attr:`&redef` File to watch for Unified2 files.
================================================================================ =====================================================================
Types
#####
=================================================================== =
:bro:type:`Unified2::Info`: :bro:type:`record` :bro:attr:`&log`
:bro:type:`Unified2::PacketID`: :bro:type:`record` :bro:attr:`&log`
=================================================================== =
Redefinitions
#############
========================================================== =
:bro:type:`Log::ID`: :bro:type:`enum`
:bro:type:`fa_file`: :bro:type:`record` :bro:attr:`&redef`
========================================================== =
Events
######
=================================================== ===================================================
:bro:id:`Unified2::alert`: :bro:type:`event` Reconstructed "alert" which combines related events
and packets.
:bro:id:`Unified2::log_unified2`: :bro:type:`event` The event for accessing logged records.
=================================================== ===================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: Unified2::classification_config
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
The classification.config file you would like to use for your alerts.
.. bro:id:: Unified2::gen_msg
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
The gen-msg.map file you would like to use for your alerts.
.. bro:id:: Unified2::sid_msg
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
The sid-msg.map file you would like to use for your alerts.
.. bro:id:: Unified2::watch_dir
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
Directory to watch for Unified2 records.
.. bro:id:: Unified2::watch_file
:Type: :bro:type:`string`
:Attributes: :bro:attr:`&redef`
:Default: ``""``
File to watch for Unified2 files.
Types
#####
.. bro:type:: Unified2::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
Timestamp attached to the alert.
id: :bro:type:`Unified2::PacketID` :bro:attr:`&log`
Addresses and ports for the connection.
sensor_id: :bro:type:`count` :bro:attr:`&log`
Sensor that originated this event.
signature_id: :bro:type:`count` :bro:attr:`&log`
Sig id for this generator.
signature: :bro:type:`string` :bro:attr:`&optional` :bro:attr:`&log`
A string representation of the *signature_id* field if a sid_msg.map file was loaded.
generator_id: :bro:type:`count` :bro:attr:`&log`
Which generator generated the alert?
generator: :bro:type:`string` :bro:attr:`&optional` :bro:attr:`&log`
A string representation of the *generator_id* field if a gen_msg.map file was loaded.
signature_revision: :bro:type:`count` :bro:attr:`&log`
Sig revision for this id.
classification_id: :bro:type:`count` :bro:attr:`&log`
Event classification.
classification: :bro:type:`string` :bro:attr:`&optional` :bro:attr:`&log`
Descriptive classification string.
priority_id: :bro:type:`count` :bro:attr:`&log`
Event priority.
event_id: :bro:type:`count` :bro:attr:`&log`
Event ID.
packet: :bro:type:`string` :bro:attr:`&optional` :bro:attr:`&log`
Some of the packet data.
:Attributes: :bro:attr:`&log`
.. bro:type:: Unified2::PacketID
:Type: :bro:type:`record`
src_ip: :bro:type:`addr` :bro:attr:`&log`
src_p: :bro:type:`port` :bro:attr:`&log`
dst_ip: :bro:type:`addr` :bro:attr:`&log`
dst_p: :bro:type:`port` :bro:attr:`&log`
:Attributes: :bro:attr:`&log`
Events
######
.. bro:id:: Unified2::alert
:Type: :bro:type:`event` (f: :bro:type:`fa_file`, ev: :bro:type:`Unified2::IDSEvent`, pkt: :bro:type:`Unified2::Packet`)
Reconstructed "alert" which combines related events
and packets.
.. bro:id:: Unified2::log_unified2
:Type: :bro:type:`event` (rec: :bro:type:`Unified2::Info`)
The event for accessing logged records.

14
doc/scripts/base/files/x509/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/files/x509/__load__.bro
============================
:Imports: :doc:`base/files/x509/main.bro </scripts/base/files/x509/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

14
doc/scripts/base/files/x509/index.rst
View file

@ -1,14 +0,0 @@
:orphan:
Package: base/files/x509
========================
Support for X509 certificates with the file analysis framework.
Also supports parsing OCSP requests and responses.
:doc:`/scripts/base/files/x509/__load__.bro`
:doc:`/scripts/base/files/x509/main.bro`

78
doc/scripts/base/files/x509/main.bro.rst
View file

@ -1,78 +0,0 @@
:tocdepth: 3
base/files/x509/main.bro
========================
.. bro:namespace:: X509
:Namespace: X509
:Imports: :doc:`base/files/hash </scripts/base/files/hash/index>`, :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`
Summary
~~~~~~~
Types
#####
========================================== ===========================================================
:bro:type:`X509::Info`: :bro:type:`record` The record type which contains the fields of the X.509 log.
========================================== ===========================================================
Redefinitions
#############
============================================================== =
:bro:type:`Files::Info`: :bro:type:`record` :bro:attr:`&redef`
:bro:type:`Log::ID`: :bro:type:`enum`
============================================================== =
Events
######
=========================================== ===================================
:bro:id:`X509::log_x509`: :bro:type:`event` Event for accessing logged records.
=========================================== ===================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. bro:type:: X509::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
Current timestamp.
id: :bro:type:`string` :bro:attr:`&log`
File id of this certificate.
certificate: :bro:type:`X509::Certificate` :bro:attr:`&log`
Basic information about the certificate.
handle: :bro:type:`opaque` of x509
The opaque wrapping the certificate. Mainly used
for the verify operations.
extensions: :bro:type:`vector` of :bro:type:`X509::Extension` :bro:attr:`&default` = ``[]`` :bro:attr:`&optional`
All extensions that were encountered in the certificate.
san: :bro:type:`X509::SubjectAlternativeName` :bro:attr:`&optional` :bro:attr:`&log`
Subject alternative name extension of the certificate.
basic_constraints: :bro:type:`X509::BasicConstraints` :bro:attr:`&optional` :bro:attr:`&log`
Basic constraints extension of the certificate.
logcert: :bro:type:`bool` :bro:attr:`&default` = ``T`` :bro:attr:`&optional`
(present if :doc:`/scripts/policy/protocols/ssl/log-hostcerts-only.bro` is loaded)
Logging of certificate is suppressed if set to F
The record type which contains the fields of the X.509 log.
Events
######
.. bro:id:: X509::log_x509
:Type: :bro:type:`event` (rec: :bro:type:`X509::Info`)
Event for accessing logged records.