Add documentation for event parameters

Added documentation that was missing for some event parameters, and
fixed documented name of event parameters.

src/analyzer/protocol/dnp3/events.bif

@@ -32,6 +32,8 @@ event dnp3_application_response_header%(c: connection, is_orig: bool, fc: count,
 ##
 ## qua_field: qualifier field.
 ##
+## number: TODO.
+##
 ## rf_low: the structure of the range field depends on the qualified field.
 ##         In some cases, the range field contains only one logic part, e.g.,
 ##         number of objects, so only *rf_low* contains useful values.

src/analyzer/protocol/modbus/events.bif

@@ -149,7 +149,7 @@ event modbus_write_single_register_response%(c: connection, headers: ModbusHeade
 ##
 ## start_address: The memory address of the first coil to be written.
 ##
-## value: The values to be written to the coils.
+## coils: The values to be written to the coils.
 event modbus_write_multiple_coils_request%(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils%);
 
 ## Generated for a Modbus write multiple coils response.

src/analyzer/protocol/tcp/events.bif

@@ -108,6 +108,8 @@ event connection_half_finished%(c: connection%);
 ## originator attempted to setup a TCP connection but the responder replied
 ## with a RST packet denying it.
 ##
+## c: The connection.
+##
 ## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
@@ -115,8 +117,6 @@ event connection_half_finished%(c: connection%);
 ##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
-## c: The connection.
-##
 ## .. note::
 ##
 ##    If the responder does not respond at all, :bro:id:`connection_attempt` is

src/event.bif

@@ -591,7 +591,11 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%);
 ## and it raises this event for each system identified. The p0f fingerprints are
 ## defined by :bro:id:`passive_fingerprint_file`.
 ##
-## TODO.
+## c: The connection.
+##
+## host: The host running the reported OS.
+##
+## OS: The OS version string.
 ##
 ## .. bro:see:: passive_fingerprint_file software_parse_error
 ##    software_version_found software_unparsed_version_found

src/file_analysis/analyzer/unified2/events.bif

@@ -1,7 +1,17 @@
 
 ## Abstract all of the various Unified2 event formats into 
 ## a single event.
+##
+## f: The file.
+##
+## ev: TODO.
+##
 event unified2_event%(f: fa_file, ev: Unified2::IDSEvent%);
 
 ## The Unified2 packet format event.
+##
+## f: The file.
+##
+## pkt: TODO.
+##
 event unified2_packet%(f: fa_file, pkt: Unified2::Packet%);