Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer
Conflicts: src/file_analysis/ActionSet.cc src/types.bif
commit
d72980828f
141 changed files with 3754 additions and 888 deletions
|
@ -231,28 +231,25 @@ type gtp_gsn_addr: record;
|
|||
|
||||
module FileAnalysis;
|
||||
|
||||
type ActionArgs: record;
|
||||
type AnalyzerArgs: record;
|
||||
|
||||
## An enumeration of various file analysis actions that can be taken.
|
||||
enum Action %{
|
||||
enum Analyzer %{
|
||||
|
||||
## Extract a file to local filesystem
|
||||
ACTION_EXTRACT,
|
||||
ANALYZER_EXTRACT,
|
||||
|
||||
## Calculate an MD5 digest of the file's contents.
|
||||
ACTION_MD5,
|
||||
ANALYZER_MD5,
|
||||
|
||||
## Calculate an SHA1 digest of the file's contents.
|
||||
ACTION_SHA1,
|
||||
ANALYZER_SHA1,
|
||||
|
||||
## Calculate an SHA256 digest of the file's contents.
|
||||
ACTION_SHA256,
|
||||
ANALYZER_SHA256,
|
||||
|
||||
## Deliver the file contents to the script-layer in an event.
|
||||
ACTION_DATA_EVENT,
|
||||
|
||||
## Windows executable analyzer
|
||||
ACTION_PE_ANALYZER,
|
||||
ANALYZER_DATA_EVENT,
|
||||
%}
|
||||
|
||||
module GLOBAL;
|
||||
|
|
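Review bot: The conflict resolution appears to drop the PE entry from this enum: `## Windows executable analyzer` / `ACTION_PE_ANALYZER` is the only value with no `ANALYZER_*` counterpart, whereas every other value appears in both forms. The +/- markers are lost on this page, so this reading rests on the `-231,28 +231,25` counts and the naming pattern. The target branch is the exe-analyzer topic, so any code there that still refers to the old enum value would presumably stop resolving after this merge. If the analyzer is meant to survive the rename, re-add it before `%}` as `## Windows executable analyzer` followed by `ANALYZER_PE,`. The retained doc comment above the enum still says "file analysis actions" and could become `## An enumeration of the available file analyzers.` to match the new type name.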