Fix minor typos in documentation of various scripts

scripts/base/frameworks/intel/cluster.bro

@@ -12,7 +12,7 @@ redef record Item += {
 	first_dispatch: bool &default=T;
 };
 
-# If this process is not a manager process, we don't want the full metadata
+# If this process is not a manager process, we don't want the full metadata.
 @if ( Cluster::local_node_type() != Cluster::MANAGER )
 redef have_full_data = F;
 @endif
@@ -20,7 +20,7 @@ redef have_full_data = F;
 # Internal event for cluster data distribution.
 global cluster_new_item: event(item: Item);
 
-# Primary intelligence management is done by the manager:
+# Primary intelligence management is done by the manager.
 # The manager informs the workers about new items and item removal.
 redef Cluster::manager2worker_events += /^Intel::(cluster_new_item|purge_item)$/;
 # A worker queries the manager to insert, remove or indicate the match of an item.

scripts/base/frameworks/intel/files.bro

@@ -1,5 +1,5 @@
 ##! File analysis framework integration for the intelligence framework. This
-##! script manages file information in intelligence framework datastructures.
+##! script manages file information in intelligence framework data structures.
 
 @load ./main
 

scripts/base/frameworks/intel/main.bro

@@ -1,6 +1,7 @@
-##! The intelligence framework provides a way to store and query intelligence data
+##! The intelligence framework provides a way to store and query intelligence
-##! (e.g. IP addresses, URLs and hashes). The intelligence items can be associated
+##! data (e.g. IP addresses, URLs and hashes). The intelligence items can be
-##! with metadata to allow informed decisions about matching and handling.
+##! associated with metadata to allow informed decisions about matching and
+##! handling.
 
 @load base/frameworks/notice
 

scripts/base/frameworks/logging/main.bro

@@ -131,7 +131,7 @@ export {
 	## Default log extension function in the case that you would like to
 	## apply the same extensions to all logs.  The function *must* return
 	## a record with all of the fields to be included in the log. The
-	## default function included here does not return a value to indicate
+	## default function included here does not return a value, which indicates
 	## that no extensions are added.
 	const Log::default_ext_func: function(path: string): any =
 		function(path: string) { } &redef;

scripts/base/frameworks/netcontrol/plugin.bro

@@ -18,7 +18,7 @@ export {
 		## Set internally.
 		_priority: int &default=+0;
 
-		## Set internally. Signifies if the plugin has returned that it has activated succesfully.
+		## Set internally. Signifies if the plugin has returned that it has activated successfully.
 		_activated: bool &default=F;
 	};
 

scripts/base/protocols/dce-rpc/main.bro

@@ -26,8 +26,8 @@ export {
 		operation  : string   &log &optional;
 	};
 
-	## These are DCE-RPC operations that are ignored, typically due 
+	## These are DCE-RPC operations that are ignored, typically due to
-	## the operations being noisy and low valueon most networks.
+	## the operations being noisy and low value on most networks.
 	const ignored_operations: table[string] of set[string] = {
 		["winreg"] = set("BaseRegCloseKey", "BaseRegGetVersion", "BaseRegOpenKey", "BaseRegQueryValue", "BaseRegDeleteKeyEx", "OpenLocalMachine", "BaseRegEnumKey", "OpenClassesRoot"),
 		["spoolss"] = set("RpcSplOpenPrinter", "RpcClosePrinter"),
@@ -158,7 +158,7 @@ event dce_rpc_response(c: connection, fid: count, opnum: count, stub_len: count)
 	{
 	if ( c?$dce_rpc )
 		{
-		# If there is noendpoint, there isn't much reason to log.
+		# If there is no endpoint, there isn't much reason to log.
 		# This can happen if the request isn't seen.
 		if ( ( c$dce_rpc?$endpoint && c$dce_rpc?$operation ) &&
 		     ( c$dce_rpc$endpoint !in ignored_operations

scripts/base/protocols/http/entities.bro

@@ -17,7 +17,7 @@ export {
 		## An ordered vector of file unique IDs.
 		orig_fuids:      vector of string &log &optional;
 
-		## An order vector of filenames from the client.
+		## An ordered vector of filenames from the client.
 		orig_filenames:  vector of string &log &optional;
 
 		## An ordered vector of mime types.
@@ -26,7 +26,7 @@ export {
 		## An ordered vector of file unique IDs.
 		resp_fuids:      vector of string &log &optional;
 
-		## An order vector of filenames from the server.
+		## An ordered vector of filenames from the server.
 		resp_filenames:  vector of string &log &optional;
 
 		## An ordered vector of mime types.

scripts/base/protocols/rfb/main.bro

@@ -18,12 +18,12 @@ export {
 		client_minor_version: string &log &optional;
 		## Major version of the server.
 		server_major_version: string &log &optional;
-		## Major version of the client.
+		## Minor version of the server.
 		server_minor_version: string &log &optional;
 
 		## Identifier of authentication method used.
 		authentication_method: string &log &optional;
-		## Whether or not authentication was succesful.
+		## Whether or not authentication was successful.
 		auth: bool &log &optional;
 
 		## Whether the client has an exclusive or a shared session.

scripts/base/protocols/smb/consts.bro

@@ -24,13 +24,13 @@ export {
 		"MsFteWds",
 	};
 
-	## The UUIDs used by the various RPC endpoints
+	## The UUIDs used by the various RPC endpoints.
 	const rpc_uuids: table[string] of string = {
 		["4b324fc8-1670-01d3-1278-5a47bf6ee188"] = "Server Service",
 		["6bffd098-a112-3610-9833-46c3f87e345a"] = "Workstation Service",
 	} &redef &default=function(i: string):string { return fmt("unknown-uuid-%s", i); };
 
-	## Server service sub commands
+	## Server service sub commands.
 	const srv_cmds: table[count] of string = {
 		[8]  = "NetrConnectionEnum",
 		[9]  = "NetrFileEnum",
@@ -81,7 +81,7 @@ export {
 		[57] = "NetrShareDelEx",
 	} &redef &default=function(i: count):string { return fmt("unknown-srv-command-%d", i); };
 
-	## Workstation service sub commands
+	## Workstation service sub commands.
 	const wksta_cmds: table[count] of string = {
 		[0]  = "NetrWkstaGetInfo",
 		[1]  = "NetrWkstaSetInfo",
@@ -108,7 +108,7 @@ export {
 
 	type rpc_cmd_table: table[count] of string;
 	
-	## The subcommands for RPC endpoints
+	## The subcommands for RPC endpoints.
 	const rpc_sub_cmds: table[string] of rpc_cmd_table = {
 		["4b324fc8-1670-01d3-1278-5a47bf6ee188"] = srv_cmds,
 		["6bffd098-a112-3610-9833-46c3f87e345a"] = wksta_cmds,	

scripts/base/protocols/ssl/consts.bro

@@ -30,7 +30,7 @@ export {
 		return fmt("unknown-%d", i);
 		};
 
-	## TLS content types:
+	# TLS content types:
 	const CHANGE_CIPHER_SPEC = 20;
 	const ALERT = 21;
 	const HANDSHAKE = 22;
@@ -41,7 +41,7 @@ export {
 	const V2_CLIENT_MASTER_KEY = 302;
 	const V2_SERVER_HELLO = 304;
 
-	## TLS Handshake types:
+	# TLS Handshake types:
 	const HELLO_REQUEST       = 0;
 	const CLIENT_HELLO        = 1;
 	const SERVER_HELLO        = 2;
@@ -215,7 +215,7 @@ export {
 		[0xFF02] = "arbitrary_explicit_char2_curves"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
-	## Mapping between numeric codes and human readable string for SSL/TLC EC point formats.
+	## Mapping between numeric codes and human readable string for SSL/TLS EC point formats.
 	# See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9
 	const ec_point_formats: table[count] of string = {
 		[0] = "uncompressed",

scripts/base/protocols/ssl/files.bro

@@ -11,7 +11,7 @@ export {
 		## complete signing chain.
 		cert_chain: vector of Files::Info &optional;
 
-		## An ordered vector of all certicate file unique IDs for the
+		## An ordered vector of all certificate file unique IDs for the
 		## certificates offered by the server.
 		cert_chain_fuids: vector of string &optional &log;
 
@@ -19,7 +19,7 @@ export {
 		## complete signing chain.
 		client_cert_chain: vector of Files::Info &optional;
 
-		## An ordered vector of all certicate file unique IDs for the
+		## An ordered vector of all certificate file unique IDs for the
 		## certificates offered by the client.
 		client_cert_chain_fuids: vector of string &optional &log;
 
@@ -116,8 +116,8 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 		}
 
 	Files::add_analyzer(f, Files::ANALYZER_X509);
-	# always calculate hashes. They are not necessary for base scripts
+	# Always calculate hashes. They are not necessary for base scripts
-	# but very useful for identification, and required for policy scripts
+	# but very useful for identification, and required for policy scripts.
 	Files::add_analyzer(f, Files::ANALYZER_MD5);
 	Files::add_analyzer(f, Files::ANALYZER_SHA1);
 	}

scripts/base/protocols/ssl/main.bro

@@ -44,10 +44,10 @@ export {
 		## is being resumed. It's not logged.
 		client_key_exchange_seen: bool     &default=F;
 		## Count to track if the server already sent an application data
-		## packet fot TLS 1.3. Used to track when a session was established.
+		## packet for TLS 1.3. Used to track when a session was established.
 		server_appdata:   count            &default=0;
 		## Flag to track if the client already sent an application data
-		## packet fot TLS 1.3. Used to track when a session was established.
+		## packet for TLS 1.3. Used to track when a session was established.
 		client_appdata:   bool             &default=F;
 
 		## Last alert that was seen during the connection.
@@ -62,7 +62,7 @@ export {
 		analyzer_id:      count            &optional;
 
 		## Flag to indicate if this ssl session has been established
-		## succesfully, or if it was aborted during the handshake.
+		## successfully, or if it was aborted during the handshake.
 		established:      bool             &log &default=F;
 
 		## Flag to indicate if this record already has been logged, to

scripts/policy/frameworks/intel/do_notice.bro

@@ -7,7 +7,7 @@ module Intel;
 
 export {
 	redef enum Notice::Type += {
-		## Intel::Notice is a notice that happens when an intelligence
+		## This notice is generated when an intelligence
 		## indicator is denoted to be notice-worthy.
 		Intel::Notice
 	};

scripts/policy/misc/stats.bro

@@ -74,7 +74,7 @@ export {
 		reassem_file_size: count &log;
 		## Current size of packet fragment data in reassembly.
 		reassem_frag_size: count &log;
-		## Current size of unkown data in reassembly (this is only PIA buffer right now).
+		## Current size of unknown data in reassembly (this is only PIA buffer right now).
 		reassem_unknown_size: count &log;
 	};
 

scripts/policy/protocols/smb/main.bro

@@ -64,7 +64,7 @@ export {
 		name			: string  &log &optional;
 		## Total size of the file.
 		size			: count   &log &default=0;
-		## If the rename action was seen, this will 
+		## If the rename action was seen, this will be
 		## the file's previous name.
 		prev_name		: string  &log &optional;
 		## Last time this file was modified.
@@ -82,7 +82,7 @@ export {
 
 		## Name of the tree path.
 		path                : string &log &optional;
-		## The type of resource of the tree (disk share, printer share, named pipe, etc.)
+		## The type of resource of the tree (disk share, printer share, named pipe, etc.).
 		service             : string &log &optional;
 		## File system of the tree.
 		native_file_system  : string &log &optional;
@@ -93,34 +93,34 @@ export {
 
 	## This record is for the smb_cmd.log
 	type CmdInfo: record {
-		## Timestamp of the command request
+		## Timestamp of the command request.
 		ts				: time &log;
-		## Unique ID of the connection the request was sent over
+		## Unique ID of the connection the request was sent over.
 		uid				: string &log;
-		## ID of the connection the request was sent over
+		## ID of the connection the request was sent over.
 		id				: conn_id &log;
 		
-		## The command sent by the client
+		## The command sent by the client.
 		command			: string &log;
-		## The subcommand sent by the client, if present
+		## The subcommand sent by the client, if present.
 		sub_command		: string &log &optional;
-		## Command argument sent by the client, if any
+		## Command argument sent by the client, if any.
 		argument		: string &log &optional;
 		
-		## Server reply to the client's command
+		## Server reply to the client's command.
 		status			: string &log &optional;
 		## Round trip time from the request to the response.
 		rtt				: interval &log &optional;
-		## Version of SMB for the command
+		## Version of SMB for the command.
 		version			: string &log;
 
-		## Authenticated username, if available
+		## Authenticated username, if available.
 		username		: string &log &optional;
 		
 		## If this is related to a tree, this is the tree
 		## that was used for the current command.
 		tree			: string &log &optional;
-		## The type of tree (disk share, printer share, named pipe, etc.)
+		## The type of tree (disk share, printer share, named pipe, etc.).
 		tree_service	: string &log &optional;
 		
 		## If the command referenced a file, store it here.
@@ -166,8 +166,8 @@ export {
 		smb_state : State &optional;
 	};
 	
-	## Internal use only
+	## Internal use only.
-	## Some commands shouldn't be logged by the smb1_message event
+	## Some commands shouldn't be logged by the smb1_message event.
 	const deferred_logging_cmds: set[string] = {
 		"NEGOTIATE",
 		"READ_ANDX",
@@ -186,7 +186,7 @@ redef record FileInfo += {
 	## ID referencing this file.
 	fid  : count   &optional;
 
-	## UUID referencing this file if DCE/RPC
+	## UUID referencing this file if DCE/RPC.
 	uuid : string &optional;
 };
 

scripts/policy/protocols/smb/smb1-main.bro

@@ -3,7 +3,7 @@
 module SMB1;
 
 redef record SMB::CmdInfo += {
-	## Dialects offered by the client	
+	## Dialects offered by the client.
 	smb1_offered_dialects: string_vec &optional;
 };
 

scripts/policy/protocols/smb/smb2-main.bro

@@ -3,7 +3,7 @@
 module SMB2;
 
 redef record SMB::CmdInfo += {
-	## Dialects offered by the client	
+	## Dialects offered by the client.
 	smb2_offered_dialects: index_vec &optional;
 };
 

scripts/policy/protocols/ssl/heartbleed.bro

@@ -13,7 +13,7 @@ export {
 		SSL_Heartbeat_Attack_Success,
 		## Indicates we saw heartbeat requests with odd length. Probably an attack or scan.
 		SSL_Heartbeat_Odd_Length,
-		## Indicates we saw many heartbeat requests without an reply. Might be an attack.
+		## Indicates we saw many heartbeat requests without a reply. Might be an attack.
 		SSL_Heartbeat_Many_Requests
 	};
 }