mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Add a revised script for detecting HTTP SQL injection, deprecate original
This commit is contained in:
Vern Paxson
Arne Welzel
parent
6b6c3dbbb7
commit
dcd14f7a16
12 changed files with 217 additions and 1 deletions
12
NEWS
12
NEWS
|
|
@ -44,6 +44,18 @@ Removed Functionality
|
|||
Deprecated Functionality
|
||||
------------------------
|
||||
|
||||
- The ``protocols/http/detect-sqli.zeek`` script has been deprecated in favor of a
|
||||
new ``protocols/http/detect-sql-injection.zeek`` script to switch from the victim
|
||||
host being placed into the ``src`` field of a notice to instead use ``dst``.
|
||||
The attacker host is now placed into ``src``. Further, notices hold the first
|
||||
sampled connection uid.
|
||||
|
||||
Note that the ``Notice::Type`` enumeration names remain the same. You can determine
|
||||
which script was used by the presence of populated ``uid`` and ``dst`` fields in the
|
||||
``notice.log`` entries.
|
||||
|
||||
The replacement script doesn't populate the ``email_body_sections`` anymore either.
|
||||
|
||||
Zeek 7.2.0
|
||||
==========
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue