Add CT log information to Bro

This commit adds the table SSL::ct_logs to Bro. This table is populated
with information about the currently active certificate transparency
logs (data from Google). The data can, e.g., be used to identify which
logs are being used in SCTs.
Johanna Amann 2017-03-16 13:50:32 -07:00
parent 2b3dcc273a
commit dcf4907857
7 changed files with 57 additions and 9 deletions


@ -74,6 +74,19 @@ export {
## script sets this to Mozilla's root CA list.
const root_certs: table[string] of string = {} &redef;
type CTInfo: record {
description: string;
operator: string;
key: string;
maximum_merge_delay: count;
url: string;
};
## The Certificate Transparency log bundle. By default, the ct-list.bro
## script sets this to the current list of known logs. Entries
## are indexex by (binary) log-id.
const ct_logs: table[string] of CTInfo = {} &redef;
## If true, detach the SSL analyzer from the connection to prevent
## continuing to process encrypted traffic. Helps with performance
## (especially with large file transfers).
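Review bot: The new `CTInfo` record and its fields carry no `##` documentation, unlike the neighbouring `root_certs` and `ct_logs` declarations, so a consumer cannot tell how `key` is encoded. The `ct_logs` comment says the table is indexed by a binary log-id, but nothing states whether `key` is raw DER or base64, which matters to any script that would verify SCT signatures against this table. I would add a comment on each field, e.g. `## Public key of the log (state the encoding: raw DER or base64).` on `key`, and give the unit of `maximum_merge_delay` (presumably seconds, to be confirmed against the source list). It is also worth noting in the `ct_logs` comment that the bundle is a snapshot that needs refreshing, since a stale list would miss newly added or since-distrusted logs, and fixing the typo `indexex` to `indexed`. The `export` block starts and ends outside the hunk.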