Change http to https links in src and script files

doc/about.rst

@@ -139,9 +139,9 @@ History
 =======
 
 Zeek has a rich history stretching back to the 1990s. `Vern Paxson
-<http://www.icir.org/vern/>`_ designed and implemented the initial version in
+<https://www.icir.org/vern/>`_ designed and implemented the initial version in
 1995 as a researcher at the `Lawrence Berkeley National Laboratory (LBNL)
-<http://www.lbl.gov/>`_. The original software was called “Bro,” as an
+<https://www.lbl.gov/>`_. The original software was called “Bro,” as an
 “Orwellian reminder that monitoring comes hand in hand with the potential
 for privacy violations”.
 
@@ -149,16 +149,16 @@ LBNL first deployed Zeek in 1996, and the USENIX Security Symposium published
 Vern’s original paper on Zeek in 1998, and awarded it the Best Paper Award that
 year He published a refined version of the paper in 1999 as `Bro: A System for
 Detecting Network Intruders in Real-Time
-<http://www.icir.org/vern/papers/bro-CN99.pdf>`_.
+<https://www.icir.org/vern/papers/bro-CN99.pdf>`_.
 
-In 2003, the `National Science Foundation (NSF) <http://www.nsf.gov/>`_ began
+In 2003, the `National Science Foundation (NSF) <https://www.nsf.gov/>`_ began
 supporting research and advanced development on Bro at the `International
-Computer Science Institute (ICSI) <http://www.icsi.berkeley.edu/>`_. (Vern
+Computer Science Institute (ICSI) <https://www.icsi.berkeley.edu/>`_. (Vern
-still leads the ICSI `Networking and Security group <http://www.icir.org/>`_.)
+still leads the ICSI `Networking and Security group <https://www.icir.org/>`_.)
 
 Over the years, a growing team of ICSI researchers and students kept adding
 novel functions to Zeek, while LBNL continued its support with funding from the
-`Department of Energy (DOE) <http://www.doe.gov/>`_. Much of Zeek’s
+`Department of Energy (DOE) <https://www.doe.gov/>`_. Much of Zeek’s
 capabilities originate in academic research projects, with results often
 published at top-tier conferences. A key to Zeek’s success was the project’s
 ability to bridge the gap between academia and operations. This relationship
@@ -172,7 +172,7 @@ As a result, deploying Zeek required overcoming a steep learning curve.
 
 In 2010, NSF sought to address this challenge by awarding ICSI a grant from its
 Software Development for Cyberinfrastructure fund. The `National Center for
-Supercomputing Applications (NCSA) <http://www.ncsa.illinois.edu/>`_ joined the
+Supercomputing Applications (NCSA) <https://www.ncsa.illinois.edu/>`_ joined the
 team as a core partner, and the Zeek project began to overhaul many of the
 user-visible parts of the system for the 2.0 release in 2012.
 

doc/frameworks/signatures.rst

@@ -433,7 +433,7 @@ Things to keep in mind when writing signatures
   signature engine and can be matched with ``\r`` and ``\n``,
   respectively. Generally, Zeek follows `flex's regular expression
   syntax
-  <http://westes.github.io/flex/manual/Patterns.html>`_.
+  <https://westes.github.io/flex/manual/Patterns.html>`_.
   See the DPD signatures in ``base/frameworks/dpd/dpd.sig`` for some examples
   of fairly complex payload patterns.
 

doc/script-reference/autogenerated-file-analyzer-index.rst

@@ -472,7 +472,7 @@ Events
    Generated for encountered X509 certificates, e.g., in the clear SSL/TLS
    connection handshake.
    
-   See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+   See `Wikipedia <https://en.wikipedia.org/wiki/X.509>`__ for more information
    about the X.509 format.
    
 
@@ -496,7 +496,7 @@ Events
 
    Generated for X509 extensions seen in a certificate.
    
-   See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+   See `Wikipedia <https://en.wikipedia.org/wiki/X.509>`__ for more information
    about the X.509 format.
    
 

scripts/base/frameworks/openflow/consts.zeek

@@ -23,7 +23,7 @@ const COOKIE_UID_START = 0;
 
 export {
 	# All ethertypes can be found at
-	# http://standards.ieee.org/develop/regauth/ethertype/eth.txt
+	# https://standards.ieee.org/develop/regauth/ethertype/eth.txt
 	# but are not interesting for us at this point
 #type ethertype: enum {
 	# Internet protocol version 4
@@ -69,7 +69,7 @@ export {
 #};
 
 	# A list of ip protocol numbers can be found at
-	# http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
+	# https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
 #type iptype: enum {
 	# IPv6 Hop-by-Hop Option (RFC2460)
 	const IP_HOPOPT = 0x00;

scripts/base/init-bare.zeek

@@ -1552,7 +1552,7 @@ const mmdb_stale_check_interval: interval = 5min &redef;
 
 ## Computed entropy values. The record captures a number of measures that are
 ## computed in parallel. See `A Pseudorandom Number Sequence Test Program
-## <http://www.fourmilab.ch/random>`_ for more information, Zeek uses the same
+## <https://www.fourmilab.ch/random>`_ for more information, Zeek uses the same
 ## code.
 ##
 ## .. zeek:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy
@@ -3247,7 +3247,7 @@ type bittorrent_peer: record {
 type bittorrent_peer_set: set[bittorrent_peer];
 
 ## BitTorrent "benc" value. Note that "benc" = Bencode ("Bee-Encode"), per
-## http://en.wikipedia.org/wiki/Bencode.
+## https://en.wikipedia.org/wiki/Bencode.
 ##
 ## .. zeek:see:: bittorrent_benc_dir
 type bittorrent_benc_value: record {

scripts/base/protocols/finger/spicy-events.zeek

@@ -4,7 +4,7 @@
 
 ## Generated for Finger requests.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Finger_protocol>`__ for more
 ## information about the Finger protocol.
 ##
 ## c: The connection.
@@ -20,7 +20,7 @@ global finger_request: event(c: connection, full: bool, username: string, hostna
 
 ## Generated for Finger replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Finger_protocol>`__ for more
 ## information about the Finger protocol.
 ##
 ## c: The connection.

scripts/base/protocols/http/dpd.sig

@@ -1,5 +1,5 @@
 # List of HTTP headers pulled from:
-#   http://annevankesteren.nl/2007/10/http-methods
+#   https://annevankesteren.nl/2007/10/http-methods
 #
 # We match each side of the connection independently to avoid missing
 # large HTTP sessions where one side exceeds the DPD buffer size on

scripts/base/protocols/rdp/consts.zeek

@@ -1,7 +1,7 @@
 module RDP;
 
 export {
-	# http://www.c-amie.co.uk/technical/mstsc-versions/
+	# https://www.c-amie.co.uk/technical/mstsc-versions/
 	const builds = {
 		[0419] = "RDP 4.0",
 		[2195] = "RDP 5.0",
@@ -79,7 +79,7 @@ export {
 		[4] = "Locked conference",
 	} &default = function(n: count): string { return fmt("result-%d", n); };
 
-	# http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx
+	# https://msdn.microsoft.com/en-us/goglobal/bb964664.aspx
 	# https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-language-pack-default-values
 	const languages = {
 		[1078] = "Afrikaans - South Africa",

scripts/base/protocols/ssl/consts.zeek

@@ -149,7 +149,7 @@ export {
 
 	# Map SSL Extension values to consts for easier readability of code.
 	# More information can be found here:
-	# http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
+	# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
 	const SSL_EXTENSION_SERVER_NAME = 0;
 	const SSL_EXTENSION_MAX_FRAGMENT_LENGTH = 1;
 	const SSL_EXTENSION_CLIENT_CERTIFICATE_URL = 2;
@@ -227,7 +227,7 @@ export {
 	## Mapping between numeric codes and human readable strings for SSL/TLS
 	## extensions.
 	# More information can be found here:
-	# http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
+	# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
 	const extensions: table[count] of string = {
 		[0] = "server_name",
 		[1] = "max_fragment_length",
@@ -322,7 +322,7 @@ export {
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
 	## Mapping between numeric codes and human readable string for SSL/TLS elliptic curves.
-	# See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+	# See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
 	const ec_curves: table[count] of string = {
 		[1] = "sect163k1", # 1-23 are TLS 1.3 obsoleted
 		[2] = "sect163r1",
@@ -404,7 +404,7 @@ export {
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
 	## Mapping between numeric codes and human readable string for SSL/TLS EC point formats.
-	# See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9
+	# See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9
 	const ec_point_formats: table[count] of string = {
 		[0] = "uncompressed",
 		[1] = "ansiX962_compressed_prime",

scripts/base/protocols/ssl/mozilla-ca-list.zeek

@@ -6,7 +6,7 @@
 #
 #   This Source Code Form is subject to the terms of the Mozilla Public
 #   License, v. 2.0. If a copy of the MPL was not distributed with this
-#   file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#   file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
 @load base/protocols/ssl
 module SSL;

scripts/base/protocols/syslog/spicy-events.zeek

@@ -4,7 +4,7 @@
 
 ## Generated for monitored Syslog messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Syslog>`__ for more
 ## information about the Syslog protocol.
 ##
 ## c: The connection record for the underlying transport-layer session/flow.

scripts/policy/protocols/ssl/heartbleed.zeek

@@ -1,4 +1,4 @@
-##! Detect the TLS heartbleed attack. See http://heartbleed.com for more.
+##! Detect the TLS heartbleed attack. See https://heartbleed.com for more.
 
 @load base/protocols/ssl
 @load base/frameworks/notice

scripts/zeekygen/example.zeek

@@ -5,7 +5,7 @@
 ##!
 ##! Comments in the from ``##!`` are meant to summarize the script's
 ##! purpose.  They are transferred directly into the generated
-##! `reStructuredText <http://docutils.sourceforge.net/rst.html>`_
+##! `reStructuredText <https://docutils.sourceforge.net/rst.html>`_
 ##! (reST) document associated with the script.
 ##!
 ##! .. tip:: You can embed directives and roles within ``##``-stylized comments.

src/analyzer/protocol/bittorrent/BitTorrentTracker.h

@@ -31,7 +31,7 @@ enum BTT_States : uint8_t {
     BTT_RES_DONE
 };
 
-// "benc" = Bencode ("Bee-Encode"), per http://en.wikipedia.org/wiki/Bencode
+// "benc" = Bencode ("Bee-Encode"), per https://en.wikipedia.org/wiki/Bencode
 enum BTT_BencTypes : uint8_t {
     BENC_TYPE_INT = 0,
     BENC_TYPE_STR = 1,

src/analyzer/protocol/bittorrent/events.bif

@@ -1,6 +1,6 @@
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -13,7 +13,7 @@ event bittorrent_peer_handshake%(c: connection, is_orig: bool,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -25,7 +25,7 @@ event bittorrent_peer_keep_alive%(c: connection, is_orig: bool%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel
@@ -37,7 +37,7 @@ event bittorrent_peer_choke%(c: connection, is_orig: bool%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -49,7 +49,7 @@ event bittorrent_peer_unchoke%(c: connection, is_orig: bool%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -61,7 +61,7 @@ event bittorrent_peer_interested%(c: connection, is_orig: bool%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -73,7 +73,7 @@ event bittorrent_peer_not_interested%(c: connection, is_orig: bool%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -85,7 +85,7 @@ event bittorrent_peer_have%(c: connection, is_orig: bool, piece_index: count%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see::  bittorrent_peer_cancel bittorrent_peer_choke bittorrent_peer_handshake
@@ -97,7 +97,7 @@ event bittorrent_peer_bitfield%(c: connection, is_orig: bool, bitfield: string%)
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -110,7 +110,7 @@ event bittorrent_peer_request%(c: connection, is_orig: bool, index: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -123,7 +123,7 @@ event bittorrent_peer_piece%(c: connection, is_orig: bool, index: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield  bittorrent_peer_choke
@@ -136,7 +136,7 @@ event bittorrent_peer_cancel%(c: connection, is_orig: bool, index: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -148,7 +148,7 @@ event bittorrent_peer_port%(c: connection, is_orig: bool, listen_port: port%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -161,7 +161,7 @@ event bittorrent_peer_unknown%(c: connection, is_orig: bool, message_id: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -173,7 +173,7 @@ event bittorrent_peer_weird%(c: connection, is_orig: bool, msg: string%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -186,7 +186,7 @@ event bt_tracker_request%(c: connection, uri: string,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -201,7 +201,7 @@ event bt_tracker_response%(c: connection, status: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -214,7 +214,7 @@ event bt_tracker_response_not_ok%(c: connection, status: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/BitTorrent_(protocol)>`__ for
 ## more information about the BitTorrent protocol.
 ##
 ## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke
@@ -223,4 +223,3 @@ event bt_tracker_response_not_ok%(c: connection, status: count,
 ##    bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke
 ##    bittorrent_peer_unknown bittorrent_peer_weird
 event bt_tracker_weird%(c: connection, is_orig: bool, msg: string%);
-

src/analyzer/protocol/dns/events.bif

@@ -1,6 +1,6 @@
 ## Generated for all DNS messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -25,7 +25,7 @@ event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%);
 ## Generated for DNS requests. For requests with multiple queries, this event
 ## is raised once for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -57,7 +57,7 @@ event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qcl
 ## answers to a query. Note that all of the event's parameters are parsed out of
 ## the reply; there's no stateful correlation with the query.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -86,7 +86,7 @@ event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qc
 
 ## Generated for each entry in the Question section of a DNS reply.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -118,7 +118,7 @@ event dns_query_reply%(c: connection, msg: dns_msg, query: string,
 ## Generated for DNS replies of type *A*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -143,7 +143,7 @@ event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%);
 ## Generated for DNS replies of type *AAAA*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -168,7 +168,7 @@ event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%);
 ## Generated for DNS replies of type *A6*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -193,7 +193,7 @@ event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%);
 ## Generated for DNS replies of type *NS*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -218,7 +218,7 @@ event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%)
 ## Generated for DNS replies of type *CNAME*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -243,7 +243,7 @@ event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: strin
 ## Generated for DNS replies of type *PTR*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -268,7 +268,7 @@ event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%
 ## Generated for DNS replies of type *CNAME*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -293,7 +293,7 @@ event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa%
 ## Generated for DNS replies of type *WKS*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -316,7 +316,7 @@ event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%);
 ## Generated for DNS replies of type *HINFO*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -339,7 +339,7 @@ event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer, cpu: string
 ## Generated for DNS replies of type *MX*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -366,7 +366,7 @@ event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string,
 ## Generated for DNS replies of type *TXT*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -391,7 +391,7 @@ event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, strs: string_
 ## Generated for DNS replies of type *SPF*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -435,7 +435,7 @@ event dns_CAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, flags: count,
 ## Generated for DNS replies of type *SRV*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -502,7 +502,7 @@ event dns_unknown_reply%(c: connection, msg: dns_msg, ans: dns_answer%);
 ## Generated for DNS replies of type *EDNS*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -530,7 +530,7 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%);
 ## Generated for DNS replies of type *EDNS*. For replies with multiple options,
 ## an individual event is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -559,7 +559,7 @@ event dns_EDNS_ecs%(c: connection, msg: dns_msg, opt: dns_edns_ecs%);
 ## an opt-type of 11. For replies with multiple option fields, an individual event is
 ## raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. See `RFC7828 <https://tools.ietf.org/html/rfc7828>`__ for
 ## more information about EDNS0 TCP keepalive. Zeek analyzes both UDP and TCP DNS
 ## sessions.
@@ -589,7 +589,7 @@ event dns_EDNS_tcp_keepalive%(c: connection, msg: dns_msg, opt: dns_edns_tcp_kee
 ## an opt-type of 10. For replies with multiple options fields, an individual event
 ## is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. See `RFC7873 <https://tools.ietf.org/html/rfc7873>`__ for
 ## more information about EDNS0 cookie. Zeek analyzes both UDP and TCP DNS
 ## sessions.
@@ -618,7 +618,7 @@ event dns_EDNS_cookie%(c: connection, msg: dns_msg, opt: dns_edns_cookie%);
 ## Generated for DNS replies of type *TKEY*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. See `RFC2930 <https://tools.ietf.org/html/rfc2930>`__
 ## for more information about TKEY. Zeek analyzes both UDP and TCP DNS sessions.
 ##
@@ -640,7 +640,7 @@ event dns_TKEY%(c: connection, msg: dns_msg, ans: dns_tkey%);
 ## Generated for DNS replies of type *TSIG*. For replies with multiple answers,
 ## an individual event of the corresponding type is raised for each.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##
@@ -819,7 +819,7 @@ event dns_HTTPS%(c: connection, msg: dns_msg, ans: dns_answer, https: dns_svcb_r
 ## ``dns_*`` event that will be raised for a DNS query/reply and signals that
 ## all resource records have been passed on.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
 ## information about the DNS protocol. Zeek analyzes both UDP and TCP DNS
 ## sessions.
 ##

src/analyzer/protocol/finger/legacy/events.bif

@@ -1,6 +1,6 @@
 ## Generated for Finger requests.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Finger_protocol>`__ for more
 ## information about the Finger protocol.
 ##
 ## c: The connection.
@@ -21,7 +21,7 @@ event finger_request%(c: connection, full: bool, username: string, hostname: str
 
 ## Generated for Finger replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Finger_protocol>`__ for more
 ## information about the Finger protocol.
 ##
 ## c: The connection.
@@ -35,4 +35,3 @@ event finger_request%(c: connection, full: bool, username: string, hostname: str
 ##    been ported. To still enable this event, one needs to
 ##    register a port for it or add a DPD payload signature.
 event finger_reply%(c: connection, reply_line: string%);
-

src/analyzer/protocol/ftp/events.bif

@@ -1,6 +1,6 @@
 ## Generated for client-side FTP commands.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/File_Transfer_Protocol>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/File_Transfer_Protocol>`__ for
 ## more information about the FTP protocol.
 ##
 ## c: The connection.
@@ -15,7 +15,7 @@ event ftp_request%(c: connection, command: string, arg: string%);
 
 ## Generated for server-side FTP replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/File_Transfer_Protocol>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/File_Transfer_Protocol>`__ for
 ## more information about the FTP protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/gnutella/events.bif

@@ -1,6 +1,6 @@
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see::  gnutella_binary_msg gnutella_establish gnutella_http_notify
@@ -15,7 +15,7 @@ event gnutella_text_msg%(c: connection, orig: bool, headers: string%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see:: gnutella_establish gnutella_http_notify gnutella_not_establish
@@ -32,7 +32,7 @@ event gnutella_binary_msg%(c: connection, orig: bool, msg_type: count,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify
@@ -47,7 +47,7 @@ event gnutella_partial_binary_msg%(c: connection, orig: bool,
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see:: gnutella_binary_msg  gnutella_http_notify gnutella_not_establish
@@ -61,7 +61,7 @@ event gnutella_establish%(c: connection%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify
@@ -75,7 +75,7 @@ event gnutella_not_establish%(c: connection%);
 
 ## TODO.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Gnutella>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Gnutella>`__ for more
 ## information about the Gnutella protocol.
 ##
 ## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_not_establish

src/analyzer/protocol/http/events.bif

@@ -4,7 +4,7 @@
 ## dialogues. This event is generated as soon as a request's initial line has
 ## been parsed, and before any :zeek:id:`http_header` events are raised.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -27,7 +27,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap
 ## dialogues. This event is generated as soon as a reply's initial line has
 ## been parsed, and before any :zeek:id:`http_header` events are raised.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -47,7 +47,7 @@ event http_reply%(c: connection, version: string, code: count, reason: string%);
 ## sessions and raises corresponding events as it parses client/server
 ## dialogues.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -73,7 +73,7 @@ event http_header%(c: connection, is_orig: bool, name: string, value: string%);
 ## once. Zeek supports persistent and pipelined HTTP sessions and raises
 ## corresponding events as it parses client/server dialogues.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -98,7 +98,7 @@ event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%);
 ## entities. Zeek raises this event just before it starts parsing each entity's
 ## content.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -117,7 +117,7 @@ event http_begin_entity%(c: connection, is_orig: bool%);
 ## entities. Zeek raises this event at the point when it has finished parsing an
 ## entity's content.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -141,7 +141,7 @@ event http_end_entity%(c: connection, is_orig: bool%);
 ## can be quite expensive for HTTP tranders. At the very least, one should
 ## impose an upper size limit on how much data is being buffered.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -164,7 +164,7 @@ event http_entity_data%(c: connection, is_orig: bool, length: count, data: strin
 ## type as specified by the ``Content-Type`` header. If that header is
 ## missing, this event is still raised with a default value of ``text/plain``.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -192,7 +192,7 @@ event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string
 ## message have been processed (and their corresponding ``http_entity_*`` events
 ## generated).
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.
@@ -209,7 +209,7 @@ event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%)
 
 ## Generated for errors found when decoding HTTP requests or replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol>`__
 ## for more information about the HTTP protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/ident/events.bif

@@ -1,6 +1,6 @@
 ## Generated for Ident requests.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ident_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/ident_protocol>`__ for more
 ## information about the Ident protocol.
 ##
 ## c: The connection.
@@ -19,7 +19,7 @@ event ident_request%(c: connection, lport: port, rport: port%);
 
 ## Generated for Ident replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ident_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/ident_protocol>`__ for more
 ## information about the Ident protocol.
 ##
 ## c: The connection.
@@ -42,7 +42,7 @@ event ident_reply%(c: connection, lport: port, rport: port, user_id: string, sys
 
 ## Generated for Ident error replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ident_protocol>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/ident_protocol>`__ for more
 ## information about the Ident protocol.
 ##
 ## c: The connection.
@@ -60,4 +60,3 @@ event ident_reply%(c: connection, lport: port, rport: port, user_id: string, sys
 ##    been ported. To still enable this event, one needs to
 ##    register a port for it or add a DPD payload signature.
 event ident_error%(c: connection, lport: port, rport: port, line: string%);
-

src/analyzer/protocol/irc/events.bif

@@ -1,7 +1,7 @@
 
 ## Generated for all client-side IRC commands.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -30,7 +30,7 @@ event irc_request%(c: connection, is_orig: bool, prefix: string,
 ## Generated for all IRC replies. IRC replies are sent in response to a
 ## request and come with a reply code.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -55,7 +55,7 @@ event irc_reply%(c: connection, is_orig: bool, prefix: string,
 
 ## Generated for IRC commands forwarded from the server to the client.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -86,7 +86,7 @@ event irc_message%(c: connection, is_orig: bool, prefix: string,
 ## Generated for IRC messages of type *quit*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -108,7 +108,7 @@ event irc_quit_message%(c: connection, is_orig: bool, nick: string, message: str
 ## Generated for IRC messages of type *privmsg*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -133,7 +133,7 @@ event irc_privmsg_message%(c: connection, is_orig: bool, source: string,
 ## Generated for IRC messages of type *notice*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -158,7 +158,7 @@ event irc_notice_message%(c: connection, is_orig: bool, source: string,
 ## Generated for IRC messages of type *squery*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -183,7 +183,7 @@ event irc_squery_message%(c: connection, is_orig: bool, source: string,
 ## Generated for IRC messages of type *join*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -203,7 +203,7 @@ event irc_join_message%(c: connection, is_orig: bool, info_list: irc_join_list%)
 ## Generated for IRC messages of type *part*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -228,7 +228,7 @@ event irc_part_message%(c: connection, is_orig: bool, nick: string,
 ## Generated for IRC messages of type *nick*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -249,7 +249,7 @@ event irc_nick_message%(c: connection, is_orig: bool, who: string, newnick: stri
 
 ## Generated when a server rejects an IRC nickname.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -266,7 +266,7 @@ event irc_invalid_nick%(c: connection, is_orig: bool%);
 
 ## Generated for an IRC reply of type *luserclient*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -290,7 +290,7 @@ event irc_network_info%(c: connection, is_orig: bool, users: count,
 
 ## Generated for an IRC reply of type *luserme*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -314,7 +314,7 @@ event irc_server_info%(c: connection, is_orig: bool, users: count,
 
 ## Generated for an IRC reply of type *luserchannels*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -333,7 +333,7 @@ event irc_channel_info%(c: connection, is_orig: bool, chans: count%);
 
 ## Generated for an IRC reply of type *whoreply*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -372,7 +372,7 @@ event irc_who_line%(c: connection, is_orig: bool, target_nick: string,
 
 ## Generated for an IRC reply of type *namereply*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -396,7 +396,7 @@ event irc_names_info%(c: connection, is_orig: bool, c_type: string,
 
 ## Generated for an IRC reply of type *whoisoperator*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -415,7 +415,7 @@ event irc_whois_operator_line%(c: connection, is_orig: bool, nick: string%);
 
 ## Generated for an IRC reply of type *whoischannels*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -437,7 +437,7 @@ event irc_whois_channel_line%(c: connection, is_orig: bool, nick: string,
 
 ## Generated for an IRC reply of type *whoisuser*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -463,7 +463,7 @@ event irc_whois_user_line%(c: connection, is_orig: bool, nick: string,
 
 ## Generated for IRC replies of type *youreoper* and *nooperhost*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -483,7 +483,7 @@ event irc_oper_response%(c: connection, is_orig: bool, got_oper: bool%);
 
 ## Generated for an IRC reply of type *globalusers*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -505,7 +505,7 @@ event irc_global_users%(c: connection, is_orig: bool, prefix: string, msg: strin
 
 ## Generated for an IRC reply of type *topic*.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -527,7 +527,7 @@ event irc_channel_topic%(c: connection, is_orig: bool, channel: string, topic: s
 ## Generated for IRC messages of type *who*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -549,7 +549,7 @@ event irc_who_message%(c: connection, is_orig: bool, mask: string, oper: bool%);
 ## Generated for IRC messages of type *whois*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -571,7 +571,7 @@ event irc_whois_message%(c: connection, is_orig: bool, server: string, users: st
 ## Generated for IRC messages of type *oper*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -593,7 +593,7 @@ event irc_oper_message%(c: connection, is_orig: bool, user: string, password: st
 ## Generated for IRC messages of type *kick*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -621,7 +621,7 @@ event irc_kick_message%(c: connection, is_orig: bool, prefix: string,
 ## Generated for IRC messages of type *error*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -644,7 +644,7 @@ event irc_error_message%(c: connection, is_orig: bool, prefix: string, message:
 ## Generated for IRC messages of type *invite*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -670,7 +670,7 @@ event irc_invite_message%(c: connection, is_orig: bool, prefix: string,
 ## Generated for IRC messages of type *mode*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -693,7 +693,7 @@ event irc_mode_message%(c: connection, is_orig: bool, prefix: string, params: st
 ## Generated for IRC messages of type *squit*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -719,7 +719,7 @@ event irc_squit_message%(c: connection, is_orig: bool, prefix: string,
 ## Generated for IRC messages of type *dcc*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## See `Wikipedia <https://en.wikipedia.org/wiki/Direct_Client-to-Client>`__ for more
@@ -758,7 +758,7 @@ event irc_dcc_message%(c: connection, is_orig: bool,
 ## Generated for IRC messages of type *dcc*. This event is generated for
 ## DCC SEND acknowledge message.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## See `Wikipedia <https://en.wikipedia.org/wiki/Direct_Client-to-Client>`__ for more
@@ -778,7 +778,7 @@ event irc_dcc_send_ack%(c: connection, bytes_received: count%);
 ## Generated for IRC messages of type *user*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.
@@ -804,7 +804,7 @@ event irc_user_message%(c: connection, is_orig: bool, user: string, host: string
 ## Generated for IRC messages of type *password*. This event is generated for
 ## messages coming from both the client and the server.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Internet_Relay_Chat>`__ for more
 ## information about the IRC protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/krb/events.bif

@@ -4,7 +4,7 @@
 ## encrypted Ticket Granting Ticket (TGT) for that user. The TGT
 ## can then be used to request further tickets for other services.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -20,7 +20,7 @@ event krb_as_request%(c: connection, msg: KRB::KDC_Request%);
 ## contains an encrypted Ticket Granting Ticket (TGT) for that user.
 ## The TGT can then be used to request further tickets for other services.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -37,7 +37,7 @@ event krb_as_response%(c: connection, msg: KRB::KDC_Response%);
 ## authenticate to a Kerberized service, the client requests a Service
 ## Ticket, which will be returned in the TGS reply.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -53,7 +53,7 @@ event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%);
 ## which is encrypted with the service's long-term key, and which the
 ## client can use to authenticate to that service.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -69,7 +69,7 @@ event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%);
 ## that should be part of the first message in an authenticated
 ## transaction.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -88,7 +88,7 @@ event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options%
 ## doesn't have much useful data, but it's provided in case it's important
 ## to know that this message was sent.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -102,7 +102,7 @@ event krb_ap_response%(c: connection%);
 ## have much useful data, but it's provided in case it's important to
 ## know that this message was sent.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -116,7 +116,7 @@ event krb_priv%(c: connection, is_orig: bool%);
 ## A Kerberos 5 ``Safe Message`` as defined in :rfc:`4120`. This is a
 ## safe (checksummed) application message.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -132,7 +132,7 @@ event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%);
 ## A Kerberos 5 ``Credential Message`` as defined in :rfc:`4120`. This is
 ## a private (encrypted) message to forward credentials.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.
@@ -147,7 +147,7 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%);
 
 ## A Kerberos 5 ``Error Message`` as defined in :rfc:`4120`.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Kerberos_%28protocol%29>`__ for
 ## more information about the Kerberos protocol.
 ##
 ## c: The connection over which this Kerberos message was sent.

src/analyzer/protocol/login/events.bif

@@ -245,7 +245,7 @@ event login_display%(c: connection, display: string%);
 ## option is sent from client to server and the server replies that it accepts
 ## the authentication, then the event engine generates this event.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## name: The authenticated name.
@@ -270,7 +270,7 @@ event authentication_accepted%(name: string, c: connection%);
 ## is sent from client to server and the server replies that it did not accept
 ## the authentication, then the event engine generates this event.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## name: The attempted authentication name.
@@ -293,7 +293,7 @@ event authentication_rejected%(name: string, c: connection%);
 ## Generated for Telnet/Rlogin sessions when a pattern match indicates
 ## that no authentication is performed.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.
@@ -318,7 +318,7 @@ event authentication_skipped%(c: connection%);
 ## This information is extracted out of environment variables sent as Telnet
 ## options.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.
@@ -339,7 +339,7 @@ event login_prompt%(c: connection, prompt: string%);
 ## protocol includes options for negotiating encryption. When such a series of
 ## options is successfully negotiated, the event engine generates this event.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.
@@ -357,7 +357,7 @@ event activating_encryption%(c: connection%);
 ## do, or what it itself offered in terms of options in the past, then the
 ## engine generates this event.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.
@@ -370,7 +370,7 @@ event inconsistent_option%(c: connection%);
 
 ## Generated for an ill-formed or unrecognized Telnet option.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.
@@ -389,7 +389,7 @@ event bad_option%(c: connection%);
 
 ## Generated for a Telnet option that's incorrectly terminated.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Telnet>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/Telnet>`__ for more information
 ## about the Telnet protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/mime/events.bif

@@ -4,7 +4,7 @@
 ## begins parsing a MIME entity extracted from an email protocol.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -23,7 +23,7 @@ event mime_begin_entity%(c: connection%);
 ## finished parsing a MIME entity extracted from an email protocol.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -41,7 +41,7 @@ event mime_end_entity%(c: connection%);
 ## files, along with corresponding metadata, for transmission.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -61,7 +61,7 @@ event mime_one_header%(c: connection, h: mime_header_rec%);
 ## text and files, along with corresponding metadata, for transmission.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -89,7 +89,7 @@ event mime_all_headers%(c: connection, hlist: mime_header_list%);
 ## the data. Thus, if possible, this event should be preferred.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -115,7 +115,7 @@ event mime_segment_data%(c: connection, length: count, data: string%);
 ## the latter should be preferred.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -138,7 +138,7 @@ event mime_entity_data%(c: connection, length: count, data: string%);
 ## expensive.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -157,7 +157,7 @@ event mime_all_data%(c: connection, length: count, data: string%);
 ## Generated for errors found when decoding email MIME entities.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -179,7 +179,7 @@ event mime_event%(c: connection, event_type: string, detail: string%);
 ## each MIME entity.
 ##
 ## Zeek's MIME analyzer for emails currently supports SMTP and POP3. See
-## `Wikipedia <http://en.wikipedia.org/wiki/MIME>`__ for more information
+## `Wikipedia <https://en.wikipedia.org/wiki/MIME>`__ for more information
 ## about MIME.
 ##
 ## c: The connection.
@@ -194,4 +194,3 @@ event mime_event%(c: connection, event_type: string, detail: string%);
 ## .. note:: While Zeek also decodes MIME entities extracted from HTTP
 ##    sessions, there's no corresponding event for that currently.
 event mime_content_hash%(c: connection, content_len: count, hash_value: string%);
-

src/analyzer/protocol/modbus/modbus-analyzer.pac

@@ -3,8 +3,8 @@
 # the support of the Ministry of Security and Justice of the Kingdom of the
 # Netherlands within the projects of Hermes, Castor and Midas.
 #
-# Useful references: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+# Useful references: https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
-#                    http://www.simplymodbus.ca/faq.htm
+#                    https://www.simplymodbus.ca/faq.htm
 #
 
 %header{

src/analyzer/protocol/modbus/modbus-protocol.pac

@@ -3,8 +3,8 @@
 # the support of the Ministry of Security and Justice of the Kingdom of the
 # Netherlands within the projects of Hermes, Castor and Midas.
 #
-# Useful references: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+# Useful references: https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
-#                    http://www.simplymodbus.ca/faq.htm
+#                    https://www.simplymodbus.ca/faq.htm
 
 enum function_codes {
 	# Standard functions

src/analyzer/protocol/modbus/modbus.pac

@@ -3,8 +3,8 @@
 # the support of the Ministry of Security and Justice of the Kingdom of the
 # Netherlands within the projects of Hermes, Castor and Midas.
 #
-# Useful references: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+# Useful references: https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
-#                    http://www.simplymodbus.ca/faq.htm
+#                    https://www.simplymodbus.ca/faq.htm
 
 %include binpac.pac
 %include zeek.pac

src/analyzer/protocol/mysql/events.bif

@@ -1,6 +1,6 @@
 ## Generated for a command request from a MySQL client.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -14,7 +14,7 @@ event mysql_command_request%(c: connection, command: count, arg: string%);
 
 ## Generated for a change user command from a MySQL client.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -26,7 +26,7 @@ event mysql_change_user%(c: connection, username: string%);
 
 ## Generated for an unsuccessful MySQL response.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -40,7 +40,7 @@ event mysql_error%(c: connection, code: count, msg: string%);
 
 ## Generated for a successful MySQL response.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -52,7 +52,7 @@ event mysql_ok%(c: connection, affected_rows: count%);
 
 ## Generated for a MySQL EOF packet.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -64,7 +64,7 @@ event mysql_eof%(c: connection, is_intermediate: bool%);
 
 ## Generated for each MySQL ResultsetRow response packet.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -76,7 +76,7 @@ event mysql_result_row%(c: connection, row: string_vec%);
 
 ## Generated for the initial server handshake packet, which includes the MySQL server version.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -89,7 +89,7 @@ event mysql_server_version%(c: connection, ver: string%);
 ## Generated for a client handshake response packet, which includes the username the client is attempting
 ## to connect as.
 ##
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.
@@ -102,7 +102,7 @@ event mysql_handshake%(c: connection, username: string%);
 ## Generated for a short client handshake response packet with the CLIENT_SSL
 ## flag set. Usually the client will initiate a TLS handshake afterwards.
 #
-## See the MySQL `documentation <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
+## See the MySQL `documentation <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>`__
 ## for more information about the MySQL protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/mysql/mysql-protocol.pac

@@ -1,7 +1,7 @@
 # See the file "COPYING" in the main distribution directory for copyright.
 #
 # All information is from the MySQL internals documentation at:
-# <http://dev.mysql.com/doc/internals/en/client-server-protocol.html>
+# <https://dev.mysql.com/doc/internals/en/client-server-protocol.html>
 #
 
 # Basic Types

src/analyzer/protocol/ncp/events.bif

@@ -1,6 +1,6 @@
 ## Generated for NCP requests (Netware Core Protocol).
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetWare_Core_Protocol>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetWare_Core_Protocol>`__ for
 ## more information about the NCP protocol.
 ##
 ## c: The connection.
@@ -21,7 +21,7 @@ event ncp_request%(c: connection, frame_type: count, length: count, func: count%
 
 ## Generated for NCP replies (Netware Core Protocol).
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetWare_Core_Protocol>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetWare_Core_Protocol>`__ for
 ## more information about the NCP protocol.
 ##
 ## c: The connection.
@@ -43,4 +43,3 @@ event ncp_request%(c: connection, frame_type: count, length: count, func: count%
 ##    been ported. To still enable this event, one needs to
 ##    register a port for it or add a DPD payload signature.
 event ncp_reply%(c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count%);
-

src/analyzer/protocol/netbios/events.bif

@@ -2,7 +2,7 @@
 ## processes the NetBIOS session service running on TCP port 139, and (despite
 ## its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -21,7 +21,7 @@
 ##    netbios_session_ret_arg_resp  decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: Zeek's current default configuration does not activate the protocol
@@ -34,7 +34,7 @@ event netbios_session_message%(c: connection, is_orig: bool, msg_type: count, da
 ## analyzer processes the NetBIOS session service running on TCP port 139, and
 ## (despite its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -49,7 +49,7 @@ event netbios_session_message%(c: connection, is_orig: bool, msg_type: count, da
 ##    netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: Zeek's current default configuration does not activate the protocol
@@ -62,7 +62,7 @@ event netbios_session_request%(c: connection, msg: string%);
 ## NetBIOS analyzer processes the NetBIOS session service running on TCP port
 ## 139, and (despite its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -77,7 +77,7 @@ event netbios_session_request%(c: connection, msg: string%);
 ##    netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: Zeek's current default configuration does not activate the protocol
@@ -90,7 +90,7 @@ event netbios_session_accepted%(c: connection, msg: string%);
 ## NetBIOS analyzer processes the NetBIOS session service running on TCP port
 ## 139, and (despite its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -105,7 +105,7 @@ event netbios_session_accepted%(c: connection, msg: string%);
 ##    netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: Zeek's current default configuration does not activate the protocol
@@ -120,7 +120,7 @@ event netbios_session_rejected%(c: connection, msg: string%);
 ## NetBIOS analyzer processes the NetBIOS session service running on TCP port
 ## 139, and (despite its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -137,7 +137,7 @@ event netbios_session_rejected%(c: connection, msg: string%);
 ##    netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: This is an oddly named event. In fact, it's probably an odd event
@@ -153,7 +153,7 @@ event netbios_session_raw_message%(c: connection, is_orig: bool, msg: string%);
 ## analyzer processes the NetBIOS session service running on TCP port 139, and
 ## (despite its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -168,7 +168,7 @@ event netbios_session_raw_message%(c: connection, is_orig: bool, msg: string%);
 ##    netbios_session_request decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: This is an oddly named event.
@@ -183,7 +183,7 @@ event netbios_session_ret_arg_resp%(c: connection, msg: string%);
 ## processes the NetBIOS session service running on TCP port 139, and (despite
 ## its name!) the NetBIOS datagram service on UDP port 138.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/NetBIOS>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/NetBIOS>`__ for more information
 ## about NetBIOS.  :rfc:`1002` describes
 ## the packet format for NetBIOS over TCP/IP, which Zeek parses.
 ##
@@ -198,7 +198,7 @@ event netbios_session_ret_arg_resp%(c: connection, msg: string%);
 ##    netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type
 ##
 ## .. note:: These days, NetBIOS is primarily used as a transport mechanism for
-##    `SMB/CIFS <http://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
+##    `SMB/CIFS <https://en.wikipedia.org/wiki/Server_Message_Block>`__. Zeek's
 ##    SMB analyzer parses both SMB-over-NetBIOS and SMB-over-TCP on port 445.
 ##
 ## .. todo:: Zeek's current default configuration does not activate the protocol
@@ -206,4 +206,3 @@ event netbios_session_ret_arg_resp%(c: connection, msg: string%);
 ##    been ported. To still enable this event, one needs to
 ##    register a port for it or add a DPD payload signature.
 event netbios_session_keepalive%(c: connection, msg: string%);
-

src/analyzer/protocol/ntp/events.bif

@@ -1,7 +1,7 @@
 ## Generated for all NTP messages. Different from many other of Zeek's events,
 ## this one is generated for both client-side and server-side messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Network_Time_Protocol>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Network_Time_Protocol>`__ for
 ## more information about the NTP protocol.
 ##
 ## c: The connection record describing the corresponding UDP flow.

src/analyzer/protocol/pop3/events.bif

@@ -1,6 +1,6 @@
 ## Generated for client-side commands on POP3 connections.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -24,7 +24,7 @@ event pop3_request%(c: connection, is_orig: bool,
 
 ## Generated for server-side replies to commands on POP3 connections.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -53,7 +53,7 @@ event pop3_reply%(c: connection, is_orig: bool, cmd: string, msg: string%);
 ## mails. This event is generated once for each line that's part of such a
 ## response.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -75,7 +75,7 @@ event pop3_data%(c: connection, is_orig: bool, data: string%);
 ## finds state transitions that do not conform to the protocol specification,
 ## or other situations it can't handle, it raises this event.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -100,7 +100,7 @@ event pop3_unexpected%(c: connection, is_orig: bool,
 ## generated if that happens and the analyzer then stops processing the
 ## connection.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -116,7 +116,7 @@ event pop3_starttls%(c: connection%);
 
 ## Generated for successful authentications on POP3 connections.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -140,7 +140,7 @@ event pop3_login_success%(c: connection, is_orig: bool,
 
 ## Generated for unsuccessful authentications on POP3 connections.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/POP3>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/POP3>`__ for more information
 ## about the POP3 protocol.
 ##
 ## c: The connection.
@@ -161,4 +161,3 @@ event pop3_login_success%(c: connection, is_orig: bool,
 ##    register a port for it or add a DPD payload signature.
 event pop3_login_failure%(c: connection, is_orig: bool,
 				user: string, password: string%);
-

src/analyzer/protocol/radius/events.bif

@@ -1,6 +1,6 @@
 ## Generated for RADIUS messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/RADIUS>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/RADIUS>`__ for more
 ## information about RADIUS.
 ##
 ## c: The connection.
@@ -11,7 +11,7 @@ event radius_message%(c: connection, result: RADIUS::Message%);
 
 ## Generated for each RADIUS attribute.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/RADIUS>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/RADIUS>`__ for more
 ## information about RADIUS.
 ##
 ## c: The connection.

src/analyzer/protocol/rpc/events.bif

@@ -3,7 +3,7 @@
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -26,7 +26,7 @@ event nfs_proc_null%(c: connection, info: NFS3::info_t%);
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -54,7 +54,7 @@ event nfs_proc_getattr%(c: connection, info: NFS3::info_t, fh: string, attrs: NF
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -82,7 +82,7 @@ event nfs_proc_sattr%(c: connection, info: NFS3::info_t, req: NFS3::sattrargs_t,
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -110,7 +110,7 @@ event nfs_proc_lookup%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -138,7 +138,7 @@ event nfs_proc_read%(c: connection, info: NFS3::info_t, req: NFS3::readargs_t, r
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -166,7 +166,7 @@ event nfs_proc_readlink%(c: connection, info: NFS3::info_t, fh: string, rep: NFS
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -194,7 +194,7 @@ event nfs_proc_symlink%(c: connection, info: NFS3::info_t, req: NFS3::symlinkarg
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -222,7 +222,7 @@ event nfs_proc_link%(c: connection, info: NFS3::info_t, req: NFS3::linkargs_t, r
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -251,7 +251,7 @@ event nfs_proc_write%(c: connection, info: NFS3::info_t, req: NFS3::writeargs_t,
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -279,7 +279,7 @@ event nfs_proc_create%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -307,7 +307,7 @@ event nfs_proc_mkdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t,
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -335,7 +335,7 @@ event nfs_proc_remove%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -363,7 +363,7 @@ event nfs_proc_rmdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t,
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -391,7 +391,7 @@ event nfs_proc_rename%(c: connection, info: NFS3::info_t, req: NFS3::renameoparg
 ## reply, or an unanswered request has timed out.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -418,7 +418,7 @@ event nfs_proc_readdir%(c: connection, info: NFS3::info_t, req: NFS3::readdirarg
 ## analyzer does not implement.
 ##
 ## NFS is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
+## <https://en.wikipedia.org/wiki/Network_File_System_(protocol)>`__ for more
 ## information about the service.
 ##
 ## c: The RPC connection.
@@ -458,7 +458,7 @@ event nfs_reply_status%(n: connection, info: NFS3::info_t%);
 ## Generated for Portmapper requests of type *null*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -477,7 +477,7 @@ event pm_request_null%(r: connection%);
 ## Generated for Portmapper request/reply dialogues of type *set*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -502,7 +502,7 @@ event pm_request_set%(r: connection, m: pm_mapping, success: bool%);
 ## Generated for Portmapper request/reply dialogues of type *unset*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -527,7 +527,7 @@ event pm_request_unset%(r: connection, m: pm_mapping, success: bool%);
 ## Generated for Portmapper request/reply dialogues of type *getport*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -550,7 +550,7 @@ event pm_request_getport%(r: connection, pr: pm_port_request, p: port%);
 ## Generated for Portmapper request/reply dialogues of type *dump*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -572,7 +572,7 @@ event pm_request_dump%(r: connection, m: pm_mappings%);
 ## Generated for Portmapper request/reply dialogues of type *callit*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -596,7 +596,7 @@ event pm_request_callit%(r: connection, call: pm_callit_request, p: port%);
 ## Generated for failed Portmapper requests of type *null*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -619,7 +619,7 @@ event pm_attempt_null%(r: connection, status: rpc_status%);
 ## Generated for failed Portmapper requests of type *set*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -644,7 +644,7 @@ event pm_attempt_set%(r: connection, status: rpc_status, m: pm_mapping%);
 ## Generated for failed Portmapper requests of type *unset*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -669,7 +669,7 @@ event pm_attempt_unset%(r: connection, status: rpc_status, m: pm_mapping%);
 ## Generated for failed Portmapper requests of type *getport*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -693,7 +693,7 @@ event pm_attempt_getport%(r: connection, status: rpc_status, pr: pm_port_request
 ## Generated for failed Portmapper requests of type *dump*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -716,7 +716,7 @@ event pm_attempt_dump%(r: connection, status: rpc_status%);
 ## Generated for failed Portmapper requests of type *callit*.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -744,7 +744,7 @@ event pm_attempt_callit%(r: connection, status: rpc_status, call: pm_callit_requ
 ## event is generated.
 ##
 ## Portmapper is a service running on top of RPC. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Portmap>`__ for more information about the
+## <https://en.wikipedia.org/wiki/Portmap>`__ for more information about the
 ## service.
 ##
 ## r: The RPC connection.
@@ -769,7 +769,7 @@ event pm_bad_port%(r: connection, bad_p: count%);
 ## eventually on timeout. In that case, *status* will be set to
 ## :zeek:enum:`RPC_TIMEOUT`.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
 ## about the ONC RPC protocol.
 ##
 ## c: The connection.
@@ -801,7 +801,7 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status:
 
 ## Generated for RPC *call* messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
 ## about the ONC RPC protocol.
 ##
 ## c: The connection.
@@ -828,7 +828,7 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count,
 
 ## Generated for RPC *reply* messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/ONC_RPC>`__ for more information
 ## about the ONC RPC protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/sip/events.bif

@@ -2,7 +2,7 @@
 ##
 ## This event is generated as soon as a request's initial line has been parsed.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.
@@ -20,7 +20,7 @@ event sip_request%(c: connection, method: string, original_URI: string, version:
 ##
 ## This event is generated as soon as a reply's initial line has been parsed.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.
@@ -36,7 +36,7 @@ event sip_reply%(c: connection, version: string, code: count, reason: string%);
 
 ## Generated for each :abbr:`SIP (Session Initiation Protocol)` header.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.
@@ -52,7 +52,7 @@ event sip_header%(c: connection, is_orig: bool, name: string, value: string%);
 
 ## Generated once for all :abbr:`SIP (Session Initiation Protocol)` headers from the originator or responder.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.
@@ -68,7 +68,7 @@ event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%);
 ##
 ## This event is generated as soon as a message's initial line has been parsed.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.
@@ -80,7 +80,7 @@ event sip_begin_entity%(c: connection, is_orig: bool%);
 
 ## Generated at the end of a :abbr:`SIP (Session Initiation Protocol)` message.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Session_Initiation_Protocol>`__
 ## for more information about the :abbr:`SIP (Session Initiation Protocol)` protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/smb/smb1-com-echo.pac

@@ -19,7 +19,7 @@ refine connection SMB_Conn += {
 };
 
 
-# http://msdn.microsoft.com/en-us/library/ee441746.aspx
+# https://msdn.microsoft.com/en-us/library/ee441746.aspx
 type SMB1_echo_request(header: SMB_Header) = record {
 	word_count : uint8;
 	echo_count : uint16;
@@ -30,7 +30,7 @@ type SMB1_echo_request(header: SMB_Header) = record {
 	proc : bool = $context.connection.proc_smb1_echo_request(header, this);
 };
 
-# http://msdn.microsoft.com/en-us/library/ee441626.aspx
+# https://msdn.microsoft.com/en-us/library/ee441626.aspx
 type SMB1_echo_response(header: SMB_Header) = record {
 	word_count : uint8;
 	seq_num    : uint16;

src/analyzer/protocol/smb/smb1-com-locking-andx.pac

@@ -27,7 +27,7 @@ type LOCKING_ANDX_RANGE64 = record {
 	byte_len    : uint64;
 };
 
-# http://msdn.microsoft.com/en-us/library/ee442004.aspx
+# https://msdn.microsoft.com/en-us/library/ee442004.aspx
 type SMB1_locking_andx_request(header: SMB_Header, offset: uint16) = record {
 	word_count            : uint8;
 	andx                  : SMB_andx;
@@ -55,7 +55,7 @@ type SMB1_locking_andx_request(header: SMB_Header, offset: uint16) = record {
 	proc : bool = $context.connection.proc_smb1_locking_andx_request(header, this);
 };
 
-# http://msdn.microsoft.com/en-us/library/ee441519.aspx
+# https://msdn.microsoft.com/en-us/library/ee441519.aspx
 type SMB1_locking_andx_response(header: SMB_Header) = record {
 } &let {
 	proc : bool = $context.connection.proc_smb1_locking_andx_response(header, this);

src/analyzer/protocol/smb/smb1-com-nt-transact.pac

@@ -14,14 +14,14 @@ refine connection SMB_Conn += {
 
 };
 
-# http://msdn.microsoft.com/en-us/library/ee441534.aspx
+# https://msdn.microsoft.com/en-us/library/ee441534.aspx
 type SMB1_nt_transact_request(header: SMB_Header) = record {
 	word_count          : uint8;
 } &let {
 	proc : bool = $context.connection.proc_smb1_nt_transact_request(header, this);
 };
 
-# http://msdn.microsoft.com/en-us/library/ee442112.aspx
+# https://msdn.microsoft.com/en-us/library/ee442112.aspx
 type SMB1_nt_transact_response(header: SMB_Header) = record {
 	word_count         : uint8;
 } &let {

src/analyzer/protocol/smb/smb1_events.bif

@@ -1,7 +1,7 @@
 ## Generated for all :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` version 1
 ## messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
+## See `Wikipedia <https://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
 ## :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` protocol. Zeek's
 ## :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` analyzer parses
 ## both :abbr:`SMB (Server Message Block)`-over-:abbr:`NetBIOS (Network Basic Input/Output System)` on
@@ -39,4 +39,3 @@ event smb1_empty_response%(c: connection, hdr: SMB1::Header%);
 ##
 ## .. zeek:see:: smb1_message
 event smb1_error%(c: connection, hdr: SMB1::Header, is_orig: bool%);
-

src/analyzer/protocol/smb/smb2-protocol.pac

@@ -1,5 +1,5 @@
 # Documentation for SMB2 protocol from here:
-#     http://msdn.microsoft.com/en-us/library/cc246497(v=PROT.13).aspx
+#     https://msdn.microsoft.com/en-us/library/cc246497(v=PROT.13).aspx
 
 %header{
 zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr);

src/analyzer/protocol/smb/smb2_events.bif

@@ -1,7 +1,7 @@
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
+## See `Wikipedia <https://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
 ## :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` protocol. Zeek's
 ## :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` analyzer parses
 ## both :abbr:`SMB (Server Message Block)`-over-:abbr:`NetBIOS (Network Basic Input/Output System)` on

src/analyzer/protocol/smtp/events.bif

@@ -1,6 +1,6 @@
 ## Generated for client-side SMTP commands.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
 ## for more information about the SMTP protocol.
 ##
 ## c: The connection.
@@ -25,7 +25,7 @@ event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%)
 
 ## Generated for server-side SMTP commands.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
 ## for more information about the SMTP protocol.
 ##
 ## c: The connection.
@@ -59,7 +59,7 @@ event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: s
 ## corresponding end marker ``.`` is seen. A handler may want to reassemble
 ## the pieces as they come in if stream-analysis is required.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
 ## for more information about the SMTP protocol.
 ##
 ## c: The connection.
@@ -84,7 +84,7 @@ event smtp_data%(c: connection, is_orig: bool, data: string%);
 ## event that it sees even though it would not expect so at the current point
 ## of the communication.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`__
 ## for more information about the SMTP protocol.
 ##
 ## c: The connection.

src/analyzer/protocol/ssl/events.bif

@@ -3,7 +3,7 @@
 ## of that as it can. This event provides access to the initial information
 ## sent by the client.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
 ## more information about the SSL/TLS protocol.
 ##
 ## c: The connection.
@@ -42,7 +42,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po
 ## of that as it can. This event provides access to the initial information
 ## sent by the client.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
 ## more information about the SSL/TLS protocol.
 ##
 ## c: The connection.
@@ -499,7 +499,7 @@ event ssl_extension_connection_id%(c: connection, is_client: bool, cid: string%)
 ## handshake and its endpoints consider it as fully established. Typically,
 ## everything from now on will be encrypted.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
 ## more information about the SSL/TLS protocol.
 ##
 ## c: The connection.
@@ -514,7 +514,7 @@ event ssl_established%(c: connection%);
 ## sends an *alert* record, that in turn triggers this event. After an *alert*,
 ## any endpoint may close the connection immediately.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
 ## more information about the SSL/TLS protocol.
 ##
 ## c: The connection.
@@ -540,7 +540,7 @@ event ssl_alert%(c: connection, is_client: bool, level: count, desc: count%);
 ## ticket to the client that can later be used for resuming the session. The
 ## mechanism is described in :rfc:`4507`.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
+## See `Wikipedia <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__ for
 ## more information about the SSL/TLS protocol.
 ##
 ## c: The connection.
@@ -748,4 +748,3 @@ event ssl_connection_flipped%(c: connection%);
 ## .. zeek:see:: ssl_handshake_message x509_certificate ssl_server_hello ssl_client_hello
 ##               parse_distinguished_name
 event ssl_certificate_request%(c: connection, is_client: bool, certificate_types: index_vec, supported_signature_algorithms: signature_and_hashalgorithm_vec, certificate_authorities: string_vec%);
-

src/analyzer/protocol/syslog/legacy/events.bif

@@ -1,7 +1,7 @@
 
 ## Generated for monitored Syslog messages.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
+## See `Wikipedia <https://en.wikipedia.org/wiki/Syslog>`__ for more
 ## information about the Syslog protocol.
 ##
 ## c: The connection record for the underlying transport-layer session/flow.

src/file_analysis/analyzer/x509/events.bif

@@ -1,7 +1,7 @@
 ## Generated for encountered X509 certificates, e.g., in the clear SSL/TLS
 ## connection handshake.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/X.509>`__ for more information
 ## about the X.509 format.
 ##
 ## f: The file.
@@ -18,7 +18,7 @@ event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certif
 
 ## Generated for X509 extensions seen in a certificate.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+## See `Wikipedia <https://en.wikipedia.org/wiki/X.509>`__ for more information
 ## about the X.509 format.
 ##
 ## f: The file.

src/packet_analysis/protocol/arp/events.bif

@@ -1,6 +1,6 @@
 ## Generated for ARP requests.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__
 ## for more information about the ARP protocol.
 ##
 ## mac_src: The request's source MAC address.
@@ -21,7 +21,7 @@ event arp_request%(mac_src: string, mac_dst: string, SPA: addr, SHA: string,
 
 ## Generated for ARP replies.
 ##
-## See `Wikipedia <http://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__
+## See `Wikipedia <https://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__
 ## for more information about the ARP protocol.
 ##
 ## mac_src: The reply's source MAC address.

src/packet_analysis/protocol/icmp/events.bif

@@ -4,7 +4,7 @@
 ## doesn't.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -36,7 +36,7 @@ event icmp_sent_payload%(c: connection, info: icmp_info, payload: string%);
 ## Generated for ICMP *echo request* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -60,7 +60,7 @@ event icmp_echo_request%(c: connection, info: icmp_info, id: count, seq: count,
 ## Generated for ICMP *echo reply* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -87,7 +87,7 @@ event icmp_echo_reply%(c: connection, info: icmp_info, id: count, seq: count, pa
 ## as a fallback for those it doesn't.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## <https://en.wikipedia.org/wiki/ICMPv6>`__ for more
 ## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -110,7 +110,7 @@ event icmp_error_message%(c: connection, info: icmp_info, code: count, context:
 ## Generated for ICMP *destination unreachable* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -137,7 +137,7 @@ event icmp_unreachable%(c: connection, info: icmp_info, code: count, context: ic
 ## Generated for ICMPv6 *packet too big* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## <https://en.wikipedia.org/wiki/ICMPv6>`__ for more
 ## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -164,7 +164,7 @@ event icmp_packet_too_big%(c: connection, info: icmp_info, code: count, context:
 ## Generated for ICMP *time exceeded* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -191,7 +191,7 @@ event icmp_time_exceeded%(c: connection, info: icmp_info, code: count, context:
 ## Generated for ICMPv6 *parameter problem* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
+## <https://en.wikipedia.org/wiki/ICMPv6>`__ for more
 ## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -218,7 +218,7 @@ event icmp_parameter_problem%(c: connection, info: icmp_info, code: count, conte
 ## Generated for ICMP *router solicitation* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -238,7 +238,7 @@ event icmp_router_solicitation%(c: connection, info: icmp_info, options: icmp6_n
 ## Generated for ICMP *router advertisement* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -279,7 +279,7 @@ event icmp_router_advertisement%(c: connection, info: icmp_info, cur_hop_limit:
 ## Generated for ICMP *neighbor solicitation* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -301,7 +301,7 @@ event icmp_neighbor_solicitation%(c: connection, info: icmp_info, tgt: addr, opt
 ## Generated for ICMP *neighbor advertisement* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
@@ -330,7 +330,7 @@ event icmp_neighbor_advertisement%(c: connection, info: icmp_info, router: bool,
 ## Generated for ICMP *redirect* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
 ## information about the ICMP protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.

src/strings.bif

@@ -13,7 +13,7 @@ using namespace std;
 %%}
 
 ## Calculates the Levenshtein distance between the two strings. See `Wikipedia
-## <http://en.wikipedia.org/wiki/Levenshtein_distance>`__ for more information.
+## <https://en.wikipedia.org/wiki/Levenshtein_distance>`__ for more information.
 ##
 ## s1: The first string.
 ##
@@ -748,7 +748,7 @@ function string_to_ascii_hex%(s: string%): string
 	%}
 
 ## Uses the Smith-Waterman algorithm to find similar/overlapping substrings.
-## See `Wikipedia <http://en.wikipedia.org/wiki/Smith%E2%80%93Waterman_algorithm>`__.
+## See `Wikipedia <https://en.wikipedia.org/wiki/Smith%E2%80%93Waterman_algorithm>`__.
 ##
 ## s1: The first string.
 ##

src/zeek.bif

@@ -1206,7 +1206,7 @@ function fnv1a64%(input: any%): count
 ## Calculates a weight value for use in a Rendezvous Hashing algorithm.
 ## See `<https://en.wikipedia.org/wiki/Rendezvous_hashing>`_.
 ## The weight function used is the one recommended in the original
-## paper: `<http://www.eecs.umich.edu/techreports/cse/96/CSE-TR-316-96.pdf>`_.
+## paper: `<https://www.eecs.umich.edu/techreports/cse/96/CSE-TR-316-96.pdf>`_.
 ##
 ## key_digest: A 32-bit digest of a key.  E.g. use :zeek:see:`fnv1a32` to
 ##             produce this.
@@ -1318,7 +1318,7 @@ function file_magic%(data: string%): mime_matches
 	%}
 
 ## Performs an entropy test on the given data.
-## See http://www.fourmilab.ch/random.
+## See https://www.fourmilab.ch/random.
 ##
 ## data: The data to compute the entropy for.
 ##
@@ -3621,7 +3621,7 @@ struct zeek_uuid_t {
 ## Converts a bytes representation of a UUID into its string form. For example,
 ## given a string of 16 bytes, it produces an output string in this format:
 ## ``550e8400-e29b-41d4-a716-446655440000``.
-## See `<http://en.wikipedia.org/wiki/Universally_unique_identifier>`_.
+## See `<https://en.wikipedia.org/wiki/Universally_unique_identifier>`_.
 ##
 ## uuid: The 16 bytes of the UUID.
 ##