Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-379: move catch-and-release and unified2 scripts to policy/

Browse source 
These are no longer loaded by default due to the performance impact they
cause simply by being loaded (they have event handlers for commonly
generated events) and they aren't generally useful enough to justify it.
This commit is contained in:
Jon Siwek 2019-06-05 13:29:57 -07:00
parent 80fe3d5583
commit b5050437fa
52 changed files with 292 additions and 353 deletions
Download patch file Download diff file Expand all files Collapse all files

26
testing/btest/Baseline/scripts.base.frameworks.intel.updated-match/output
View file

@ -3,23 +3,23 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2017-12-21-02-28-27
#open 2019-06-05-19-44-26
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
1513823307.655824 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1513823310.680693 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1513823310.680693 - - - - - 4.3.2.1 Intel::ADDR SOMEWHERE bro Intel::ADDR source2 - - -
1513823313.736551 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1513823313.736551 - - - - - 4.3.2.1 Intel::ADDR SOMEWHERE bro Intel::ADDR source2 - - -
#close 2017-12-21-02-28-33
1559763866.049905 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1559763867.212778 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1559763867.212778 - - - - - 4.3.2.1 Intel::ADDR SOMEWHERE bro Intel::ADDR source2 - - -
1559763868.245883 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1559763868.245883 - - - - - 4.3.2.1 Intel::ADDR SOMEWHERE bro Intel::ADDR source2 - - -
#close 2019-06-05-19-44-28
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2017-12-21-02-28-33
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1513823313.736551 - - - - - - - - - Intel::Notice Intel hit on 1.2.3.4 at SOMEWHERE 1.2.3.4 - - - - - Notice::ACTION_LOG 3600.000000 F - - - - -
1513823313.736551 - - - - - - - - - Intel::Notice Intel hit on 4.3.2.1 at SOMEWHERE 4.3.2.1 - - - - - Notice::ACTION_LOG 3600.000000 F - - - - -
#close 2017-12-21-02-28-33
#open 2019-06-05-19-44-28
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval string string string double double
1559763868.245883 - - - - - - - - - Intel::Notice Intel hit on 1.2.3.4 at SOMEWHERE 1.2.3.4 - - - - - Notice::ACTION_LOG 3600.000000 - - - - -
1559763868.245883 - - - - - - - - - Intel::Notice Intel hit on 4.3.2.1 at SOMEWHERE 4.3.2.1 - - - - - Notice::ACTION_LOG 3600.000000 - - - - -
#close 2019-06-05-19-44-28