mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Merge remote-tracking branch 'origin/topic/vern/http-sqli-replacement'
* origin/topic/vern/http-sqli-replacement: site/local: Switch to detect-sql-injection Add a revised script for detecting HTTP SQL injection, deprecate original
This commit is contained in:
Arne Welzel
commit
906b91dca8
15 changed files with 224 additions and 3 deletions
12
NEWS
12
NEWS
|
|
@ -53,6 +53,18 @@ Removed Functionality
|
|||
Deprecated Functionality
|
||||
------------------------
|
||||
|
||||
- The ``protocols/http/detect-sqli.zeek`` script has been deprecated in favor of a
|
||||
new ``protocols/http/detect-sql-injection.zeek`` script to switch from the victim
|
||||
host being placed into the ``src`` field of a notice to instead use ``dst``.
|
||||
The attacker host is now placed into ``src``. Further, notices hold the first
|
||||
sampled connection uid.
|
||||
|
||||
Note that the ``Notice::Type`` enumeration names remain the same. You can determine
|
||||
which script was used by the presence of populated ``uid`` and ``dst`` fields in the
|
||||
``notice.log`` entries.
|
||||
|
||||
The replacement script doesn't populate the ``email_body_sections`` anymore either.
|
||||
|
||||
Zeek 7.2.0
|
||||
==========
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue