From 60b2c5f1fe65820fdc9d38d4f3c4c4d16b5d6597 Mon Sep 17 00:00:00 2001
From: Daniel Thayer
Date: Fri, 11 Oct 2013 00:19:37 -0500
Subject: [PATCH] Add README files for most Bro frameworks
The text from these README files appears on the "Bro Script Packages" page after building the documentation. The text for these was mostly just copied from the existing docs.
---
scripts/base/frameworks/analyzer/README | 3 +++
scripts/base/frameworks/cluster/README | 2 ++
scripts/base/frameworks/communication/README | 2 ++
scripts/base/frameworks/control/README | 3 +++
scripts/base/frameworks/dpd/README | 2 ++
scripts/base/frameworks/files/README | 3 +++
scripts/base/frameworks/input/README | 2 ++
scripts/base/frameworks/intel/README | 3 +++
scripts/base/frameworks/logging/README | 1 +
scripts/base/frameworks/packet-filter/README | 1 +
scripts/base/frameworks/software/README | 3 +++
scripts/base/frameworks/sumstats/README | 2 ++
scripts/base/frameworks/tunnels/README | 2 ++
13 files changed, 29 insertions(+)
create mode 100644 scripts/base/frameworks/analyzer/README
create mode 100644 scripts/base/frameworks/cluster/README
create mode 100644 scripts/base/frameworks/communication/README
create mode 100644 scripts/base/frameworks/control/README
create mode 100644 scripts/base/frameworks/dpd/README
create mode 100644 scripts/base/frameworks/files/README
create mode 100644 scripts/base/frameworks/input/README
create mode 100644 scripts/base/frameworks/intel/README
create mode 100644 scripts/base/frameworks/logging/README
create mode 100644 scripts/base/frameworks/packet-filter/README
create mode 100644 scripts/base/frameworks/software/README
create mode 100644 scripts/base/frameworks/sumstats/README
create mode 100644 scripts/base/frameworks/tunnels/README
diff --git a/scripts/base/frameworks/analyzer/README b/scripts/base/frameworks/analyzer/README
new file mode 100644
index 0000000000..2180fdd735
--- /dev/null
+++ b/scripts/base/frameworks/analyzer/README
@@ -0,0 +1,3 @@
+The analyzer framework allows to dynamically enable or disable Bro's
+protocol analyzers, as well as to manage the well-known ports which
+automatically activate a particular analyzer for new connections.
diff --git a/scripts/base/frameworks/cluster/README b/scripts/base/frameworks/cluster/README
new file mode 100644
index 0000000000..1bf9907d9b
--- /dev/null
+++ b/scripts/base/frameworks/cluster/README
@@ -0,0 +1,2 @@
+The cluster framework provides for establishing and controlling a cluster
+of Bro instances.
diff --git a/scripts/base/frameworks/communication/README b/scripts/base/frameworks/communication/README
new file mode 100644
index 0000000000..6f73c8c6a4
--- /dev/null
+++ b/scripts/base/frameworks/communication/README
@@ -0,0 +1,2 @@
+The communication framework facilitates connecting to remote Bro or
+Broccoli instances to share state and transfer events.
diff --git a/scripts/base/frameworks/control/README b/scripts/base/frameworks/control/README
new file mode 100644
index 0000000000..ba6998d43c
--- /dev/null
+++ b/scripts/base/frameworks/control/README
@@ -0,0 +1,3 @@
+The control framework provides the foundation for providing "commands"
+that can be taken remotely at runtime to modify a running Bro instance
+or collect information from the running instance.
diff --git a/scripts/base/frameworks/dpd/README b/scripts/base/frameworks/dpd/README
new file mode 100644
index 0000000000..d7f4d9c06a
--- /dev/null
+++ b/scripts/base/frameworks/dpd/README
@@ -0,0 +1,2 @@
+The DPD (dynamic protocol detection) activates port-independent protocol
+detection and selectively disables analyzers if protocol violations occur.
diff --git a/scripts/base/frameworks/files/README b/scripts/base/frameworks/files/README
new file mode 100644
index 0000000000..3788a60040
--- /dev/null
+++ b/scripts/base/frameworks/files/README
@@ -0,0 +1,3 @@
+The file analysis framework provides an interface for driving the analysis
+of files, possibly independent of any network protocol over which they're
+transported.
diff --git a/scripts/base/frameworks/input/README b/scripts/base/frameworks/input/README
new file mode 100644
index 0000000000..6f00f5f6eb
--- /dev/null
+++ b/scripts/base/frameworks/input/README
@@ -0,0 +1,2 @@
+The input framework provides a way to read previously stored data either as
+an event stream or into a Bro table.
diff --git a/scripts/base/frameworks/intel/README b/scripts/base/frameworks/intel/README
new file mode 100644
index 0000000000..56e00cfac1
--- /dev/null
+++ b/scripts/base/frameworks/intel/README
@@ -0,0 +1,3 @@
+The intelligence framework provides a way to store and query intelligence
+data (such as IP addresses or strings). Metadata can also be associated
+with the intelligence.
diff --git a/scripts/base/frameworks/logging/README b/scripts/base/frameworks/logging/README
new file mode 100644
index 0000000000..122b63d366
--- /dev/null
+++ b/scripts/base/frameworks/logging/README
@@ -0,0 +1 @@
+The logging framework provides a flexible key-value based logging interface.
diff --git a/scripts/base/frameworks/packet-filter/README b/scripts/base/frameworks/packet-filter/README
new file mode 100644
index 0000000000..536c1527db
--- /dev/null
+++ b/scripts/base/frameworks/packet-filter/README
@@ -0,0 +1 @@
+The packet filter framework supports how Bro sets its BPF capture filter.
diff --git a/scripts/base/frameworks/software/README b/scripts/base/frameworks/software/README
new file mode 100644
index 0000000000..f22eb67aab
--- /dev/null
+++ b/scripts/base/frameworks/software/README
@@ -0,0 +1,3 @@
+The software framework doesn't do software version detection and parsing
+itself, but instead relies on other protocol specific scripts to parse out
+software from the protocols they analyze.
diff --git a/scripts/base/frameworks/sumstats/README b/scripts/base/frameworks/sumstats/README
new file mode 100644
index 0000000000..12b0f7cd42
--- /dev/null
+++ b/scripts/base/frameworks/sumstats/README
@@ -0,0 +1,2 @@
+The summary statistics framework provides a way to summarize large streams
+of data into simple reduced measurements.
diff --git a/scripts/base/frameworks/tunnels/README b/scripts/base/frameworks/tunnels/README
new file mode 100644
index 0000000000..56b648a4b5
--- /dev/null
+++ b/scripts/base/frameworks/tunnels/README
@@ -0,0 +1,2 @@
+The tunnels framework handles the tracking/logging of tunnels (e.g. Teredo,
+AYIYA, or IP-in-IP such as 6to4 where "IP" is either IPv4 or IPv6).