Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Simplify the logic a big by making Notice$email_dest have a default rather than be optional

Browse source
This commit is contained in:
Vlad Grigorescu 2021-06-17 10:31:04 -05:00
parent bfb26b9227
commit 9d0bd96e1f
21 changed files with 40 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log
View file

@ -7,9 +7,9 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -19,7 +19,7 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 - - -
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 59062 91.227.4.92 443 - - - tcp SSL::Old_Version Host uses protocol version SSLv2 which is lower than the safe minimum TLSv10 - 192.168.4.149 91.227.4.92 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 59062 91.227.4.92 443 - - - tcp SSL::Old_Version Host uses protocol version SSLv2 which is lower than the safe minimum TLSv10 - 192.168.4.149 91.227.4.92 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -29,6 +29,6 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 59062 91.227.4.92 443 - - - tc
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Cipher Host established connection using unsafe ciper suite TLS_RSA_WITH_RC4_128_MD5 - 192.150.187.164 194.127.84.106 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key - 192.150.187.164 194.127.84.106 443 - - Notice::ACTION_LOG - 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Cipher Host established connection using unsafe ciper suite TLS_RSA_WITH_RC4_128_MD5 - 192.150.187.164 194.127.84.106 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key - 192.150.187.164 194.127.84.106 443 - - Notice::ACTION_LOG (empty) 86400.000000 - - - - -
#close XXXX-XX-XX-XX-XX-XX