Small script refinements and documentation updates.

scripts/policy/protocols/http/detect-MHR.bro

@@ -4,10 +4,8 @@
 ##! documentation for the :doc:base/protocols/http/file-hash.bro script to see how to 
 ##! configure which transfers will have hashes calculated.
 
-@load base/frameworks/notice/main
-@load base/protocols/http/main
-@load base/protocols/http/utils
-@load base/protocols/http/file-hash
+@load base/frameworks/notice
+@load base/protocols/http
 
 export {
 	redef enum Notice::Type += { 

scripts/policy/protocols/http/detect-sqli.bro

@@ -1,4 +1,4 @@
-##! SQL injection detection in HTTP.
+##! SQL injection attack detection in HTTP.
 
 @load base/frameworks/notice
 @load base/frameworks/metrics
@@ -8,7 +8,10 @@ module HTTP;
 
 export {
 	redef enum Notice::Type += {
+		## Indicates that a host performing SQL injection attacks was detected.
 		SQL_Injection_Attacker,
+		## Indicates that a host was seen to have SQL injection attacks against
+		## it.  This is tracked by IP address as opposed to hostname.
 		SQL_Injection_Attack_Against,
 	};
 	
@@ -49,9 +52,13 @@ export {
 
 event bro_init() &priority=3
 	{
+	# Add filters to the metrics so that the metrics framework knows how to 
+	# determine when it looks like an actual attack and how to respond when
+	# thresholds are crossed.
+	
 	Metrics::add_filter(SQL_ATTACKER, [$log=F,
 	                                   $notice_threshold=sqli_requests_threshold,
-	                                   $break_interval=sqli_requests_interval, 
+	                                   $break_interval=sqli_requests_interval,
 	                                   $note=SQL_Injection_Attacker]);
 	Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=F, 
 	                                          $notice_threshold=sqli_requests_threshold,

scripts/policy/protocols/http/detect-webapps.bro

@@ -1,7 +1,6 @@
-@load base/frameworks/signatures/main
-@load base/frameworks/software/main
-@load base/protocols/http/main
-@load base/protocols/http/utils
+@load base/frameworks/signatures
+@load base/frameworks/software
+@load base/protocols/http
 
 module HTTP;
 

scripts/policy/protocols/http/software-browser-plugins.bro

@@ -1,5 +1,6 @@
 ##! This script take advantage of a few ways that installed plugin information
-##! leaks from web browsers
+##! leaks from web browsers.
+
 @load base/protocols/http
 @load base/frameworks/software
 

scripts/policy/protocols/http/software.bro

@@ -1,6 +1,6 @@
 ##! Software identification and extraction for HTTP traffic.
 
-@load base/frameworks/software/main
+@load base/frameworks/software
 
 module HTTP;
 

scripts/policy/protocols/http/var-extraction-uri.bro

@@ -1,7 +1,6 @@
 ##! This script extracts and logs variables from the requested URI
 
-@load base/protocols/http/main
-@load base/protocols/http/utils
+@load base/protocols/http
 
 module HTTP;