Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jsiwek/reorg-followup'

Browse source
This commit is contained in:
Seth Hall 2011-08-25 16:44:31 -04:00
commit fc5f22cb5d
234 changed files with 295 additions and 104 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/policy/protocols/http/detect-MHR.bro
View file

@ -4,6 +4,11 @@
##! documentation for the :doc:base/protocols/http/file-hash.bro script to see how to
##! configure which transfers will have hashes calculated.
@load base/frameworks/notice/main
@load base/protocols/http/main
@load base/protocols/http/utils
@load base/protocols/http/file-hash
export {
redef enum Notice::Type += {
## If the MD5 sum of a file transferred over HTTP

6
scripts/policy/protocols/http/detect-intel.bro
View file

@ -1,5 +1,9 @@
##! Intelligence based HTTP detections.
@load base/protocols/http/main
@load base/protocols/http/utils
@load base/frameworks/intel/main
module HTTP;
event log_http(rec: Info)
@ -14,4 +18,4 @@ event log_http(rec: Info)
$sub=HTTP::build_url_http(rec),
$id=rec$id]);
}
}
}

6
scripts/policy/protocols/http/detect-sqli.bro
View file

@ -1,5 +1,9 @@
##! SQL injection detection in HTTP.
@load base/frameworks/notice/main
@load base/frameworks/metrics/main
@load base/protocols/http/main
module HTTP;
export {
@ -54,4 +58,4 @@ event http_request(c: connection, method: string, original_URI: string,
Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h], 1);
Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h], 1);
}
}
}

4
scripts/policy/protocols/http/detect-webapps.bro
View file

@ -1,3 +1,7 @@
@load base/frameworks/signatures/main
@load base/frameworks/software/main
@load base/protocols/http/main
@load base/protocols/http/utils
module HTTP;

2
scripts/policy/protocols/http/headers.bro
View file

@ -1,5 +1,7 @@
##! Extract and include the header keys used for each request in the log.
@load base/protocols/http/main
module HTTP;
export {

4
scripts/policy/protocols/http/software.bro
View file

@ -1,5 +1,7 @@
##! Software identification and extraction for HTTP traffic.
@load base/frameworks/software/main
module HTTP;
export {
@ -52,4 +54,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
Software::found(c$id, Software::parse(value, c$id$resp_h, WEB_APPSERVER));
}
}
}
}

3
scripts/policy/protocols/http/var-extraction-cookies.bro
View file

@ -1,5 +1,8 @@
##! This script extracts and logs variables from cookies sent by clients
@load base/protocols/http/main
@load base/protocols/http/utils
module HTTP;
redef record Info += {

3
scripts/policy/protocols/http/var-extraction-uri.bro
View file

@ -1,5 +1,8 @@
##! This script extracts and logs variables from the requested URI
@load base/protocols/http/main
@load base/protocols/http/utils
module HTTP;
redef record Info += {