Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Finished work on unified2 analyzer.

Browse source
This commit is contained in:
Seth Hall 2013-08-13 03:21:43 -04:00
parent 95161a920c
commit f7c6dd7f7e
9 changed files with 260 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -61,7 +61,7 @@ refine flow Flow += {
# return true;
# %}
function proc_legacy_ids_event(ev: LegacyIDSEvent) : bool
function proc_ids_event(ev: IDS_Event) : bool
%{
if ( ::unified2_event )
{
@ -88,7 +88,7 @@ refine flow Flow += {
return true;
%}
function proc_ids_event(ev: IDSEvent) : bool
function proc_ids_event_2(ev: IDS_Event_2) : bool
%{
if ( ::unified2_event )
{
@ -152,12 +152,12 @@ refine flow Flow += {
# proc : bool = $context.flow.proc_record(this);
#};
refine typeattr LegacyIDSEvent += &let {
proc : bool = $context.flow.proc_legacy_ids_event(this);
refine typeattr IDS_Event += &let {
proc : bool = $context.flow.proc_ids_event(this);
};
refine typeattr IDSEvent += &let {
proc : bool = $context.flow.proc_ids_event(this);
refine typeattr IDS_Event_2 += &let {
proc : bool = $context.flow.proc_ids_event_2(this);
};
refine typeattr Packet += &let {