Updates related to SSH analysis.

- Some scripts used wrong SSH module/namespace scoping on events.
- Fix outdated notice documentation related to SSH password guessing.
- Add a unit test for SSH pasword guessing notice.

scripts/policy/protocols/ssh/detect-bruteforcing.bro

@@ -69,7 +69,7 @@ event bro_init()
 	                  	}]);
 	}
 
-event SSH::ssh_auth_successful(c: connection, auth_method_none: bool)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	local id = c$id;
 
@@ -78,7 +78,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool)
 	             $where=SSH::SUCCESSFUL_LOGIN]);
 	}
 
-event SSH::ssh_auth_failed(c: connection)
+event ssh_auth_failed(c: connection)
 	{
 	local id = c$id;
 

scripts/policy/protocols/ssh/geo-data.bro

@@ -30,7 +30,7 @@ function get_location(c: connection): geo_location
 	return lookup_location(lookup_ip);
 	}
 
-event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
+event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
 	{
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
@@ -45,7 +45,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=
 		}
 	}
 
-event SSH::ssh_auth_failed(c: connection) &priority=3
+event ssh_auth_failed(c: connection) &priority=3
 	{
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);

scripts/policy/protocols/ssh/interesting-hostnames.bro

@@ -27,7 +27,7 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }
 
-event SSH::ssh_auth_successful(c: connection, auth_method_none: bool)
+event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{