Add README files for most Bro frameworks

The text from these README files appears on the "Bro Script Packages"
page after building the documentation.  The text for these was mostly just
copied from the existing docs.
Daniel Thayer 2013-10-11 00:19:37 -05:00
parent 50aca717d0
commit 60b2c5f1fe
13 changed files with 29 additions and 0 deletions

@ -0,0 +1,3 @@
The analyzer framework allows to dynamically enable or disable Bro's
protocol analyzers, as well as to manage the well-known ports which
automatically activate a particular analyzer for new connections.
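Review bot: "allows to dynamically enable or disable" in the first line of this README is not idiomatic English; write "allows dynamically enabling or disabling Bro's protocol analyzers" or "makes it possible to dynamically enable or disable Bro's protocol analyzers". Since the commit message says this text is rendered on the "Bro Script Packages" page, the opening sentence is what readers see first.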

@ -0,0 +1,2 @@
The cluster framework provides for establishing and controlling a cluster
of Bro instances.

@ -0,0 +1,2 @@
The communication framework facilitates connecting to remote Bro or
Broccoli instances to share state and transfer events.

@ -0,0 +1,3 @@
The control framework provides the foundation for providing "commands"
that can be taken remotely at runtime to modify a running Bro instance
or collect information from the running instance.
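Review bot: "provides the foundation for providing "commands" that can be taken remotely" doubles up on "provid-" and uses "taken" where commands are issued; suggest "provides the foundation for "commands" that can be issued remotely at runtime to modify a running Bro instance or collect information from it", which also drops the repeated "running instance" at the end of the sentence.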

@ -0,0 +1,2 @@
The DPD (dynamic protocol detection) activates port-independent protocol
detection and selectively disables analyzers if protocol violations occur.
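Review bot: the first line of this README is missing its subject noun: "The DPD (dynamic protocol detection) activates ..." reads as if DPD itself were the actor. Every other README in this commit opens with "The X framework ..."; write "The DPD (dynamic protocol detection) framework activates port-independent protocol detection and selectively disables analyzers if protocol violations occur." so the package page is consistent.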

@ -0,0 +1,3 @@
The file analysis framework provides an interface for driving the analysis
of files, possibly independent of any network protocol over which they're
transported.

@ -0,0 +1,2 @@
The input framework provides a way to read previously stored data either as
an event stream or into a Bro table.

@ -0,0 +1,3 @@
The intelligence framework provides a way to store and query intelligence
data (such as IP addresses or strings). Metadata can also be associated
with the intelligence.

@ -0,0 +1 @@
The logging framework provides a flexible key-value based logging interface.

@ -0,0 +1 @@
The packet filter framework supports how Bro sets its BPF capture filter.
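Review bot: "supports how Bro sets its BPF capture filter" is vague about what the framework actually does with the filter; "controls how Bro sets its BPF capture filter" or "manages the BPF capture filter that Bro installs" states it directly and matches the active phrasing ("provides", "handles") used by the other READMEs in this commit.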

@ -0,0 +1,3 @@
The software framework doesn't do software version detection and parsing
itself, but instead relies on other protocol specific scripts to parse out
software from the protocols they analyze.
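Review bot: this README leads with what the framework does not do, which is an odd first sentence for a package summary; also "protocol specific" should be hyphenated as a compound modifier. Suggest keeping the same content but reordering: "The software framework relies on protocol-specific scripts to parse software versions out of the protocols they analyze, rather than doing the detection and parsing itself."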

@ -0,0 +1,2 @@
The summary statistics framework provides a way to summarize large streams
of data into simple reduced measurements.

@ -0,0 +1,2 @@
The tunnels framework handles the tracking/logging of tunnels (e.g. Teredo,
AYIYA, or IP-in-IP such as 6to4 where "IP" is either IPv4 or IPv6).