Updated tests for file entropy analyzer.
This commit is contained in:
parent
4cb0bf6296
commit
39ebf8df79
3 changed files with 15 additions and 11 deletions
|
@ -28,6 +28,7 @@
|
||||||
@load frameworks/intel/seen/where-locations.bro
|
@load frameworks/intel/seen/where-locations.bro
|
||||||
@load frameworks/intel/seen/x509.bro
|
@load frameworks/intel/seen/x509.bro
|
||||||
@load frameworks/files/detect-MHR.bro
|
@load frameworks/files/detect-MHR.bro
|
||||||
|
@load frameworks/files/entropy-test-all-files.bro
|
||||||
@load frameworks/files/hash-all-files.bro
|
@load frameworks/files/hash-all-files.bro
|
||||||
@load frameworks/packet-filter/shunt.bro
|
@load frameworks/packet-filter/shunt.bro
|
||||||
@load frameworks/software/version-changes.bro
|
@load frameworks/software/version-changes.bro
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path loaded_scripts
|
#path loaded_scripts
|
||||||
#open 2014-10-31-20-38-48
|
#open 2015-02-26-14-14-34
|
||||||
#fields name
|
#fields name
|
||||||
#types string
|
#types string
|
||||||
scripts/base/init-bare.bro
|
scripts/base/init-bare.bro
|
||||||
|
@ -97,6 +97,7 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
|
||||||
|
build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
|
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
|
||||||
|
@ -247,4 +248,4 @@ scripts/base/init-default.bro
|
||||||
scripts/base/misc/find-checksum-offloading.bro
|
scripts/base/misc/find-checksum-offloading.bro
|
||||||
scripts/base/misc/find-filtered-trace.bro
|
scripts/base/misc/find-filtered-trace.bro
|
||||||
scripts/policy/misc/loaded-scripts.bro
|
scripts/policy/misc/loaded-scripts.bro
|
||||||
#close 2014-10-31-20-38-48
|
#close 2015-02-26-14-14-34
|
||||||
|
|
|
@ -191,7 +191,7 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Cluster::LOG)) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Cluster::LOG)) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Communication::LOG)) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Communication::LOG)) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Conn::LOG)) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Conn::LOG)) -> <null>
|
||||||
|
@ -285,8 +285,8 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, ()) -> <null>
|
0.000000 MetaHookPost CallFunction(Notice::want_pp, ()) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::build, ()) -> <null>
|
0.000000 MetaHookPost CallFunction(PacketFilter::build, ()) -> <null>
|
||||||
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> <null>
|
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> <null>
|
||||||
|
@ -344,6 +344,7 @@
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_FTP.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_FTP.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_FTP.functions.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_FTP.functions.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_File.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_File.events.bif.bro) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(./Bro_FileEntropy.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_FileExtract.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_FileExtract.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_FileExtract.functions.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_FileExtract.functions.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(./Bro_FileHash.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(./Bro_FileHash.events.bif.bro) -> -1
|
||||||
|
@ -730,7 +731,7 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Cluster::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Cluster::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Communication::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Communication::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Conn::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Conn::LOG))
|
||||||
|
@ -824,8 +825,8 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, ())
|
0.000000 MetaHookPre CallFunction(Notice::want_pp, ())
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::build, ())
|
0.000000 MetaHookPre CallFunction(PacketFilter::build, ())
|
||||||
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, (ip or not ip, and, ))
|
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, (ip or not ip, and, ))
|
||||||
|
@ -883,6 +884,7 @@
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_FTP.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_FTP.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_FTP.functions.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_FTP.functions.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_File.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_File.events.bif.bro)
|
||||||
|
0.000000 MetaHookPre LoadFile(./Bro_FileEntropy.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_FileExtract.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_FileExtract.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_FileExtract.functions.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_FileExtract.functions.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(./Bro_FileHash.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(./Bro_FileHash.events.bif.bro)
|
||||||
|
@ -1269,7 +1271,7 @@
|
||||||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
|
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
|
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
|
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
|
||||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
|
||||||
|
@ -1363,8 +1365,8 @@
|
||||||
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
|
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
|
||||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
|
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
|
||||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
|
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
|
||||||
0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])
|
||||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])
|
||||||
0.000000 | HookCallFunction Notice::want_pp()
|
0.000000 | HookCallFunction Notice::want_pp()
|
||||||
0.000000 | HookCallFunction PacketFilter::build()
|
0.000000 | HookCallFunction PacketFilter::build()
|
||||||
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
|
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
|
||||||
|
|