Jon Siwek
a68c9f6b71
Merge branch 'empty_services' of https://github.com/mauropalumbo75/zeek
* 'empty_services' of https://github.com/mauropalumbo75/zeek :
remove empty services and include udp active connections when logging in connection_state_remove
2019-08-09 09:59:50 -07:00
Jon Siwek
1eb1771c25
Fix documentation warnings for MQTT identifiers
I.e. a type was not in the export section, but a field was added
to connection record via a redef that uses the "hidden" type.
That generally doesn't help to hide it that way since a user comes
to rely on it indirectly anyway, and it also causes problems with
the Zeekygen documentation not being able to find it.
2019-08-05 18:55:48 -07:00
Johanna Amann
0f96a9dedf
Disable MQTT by default
To enable MQTT, one has to load policy/scripts/mqtt. Like with smb in
2.5, the consts are loaded by default.
2019-08-05 17:04:39 -07:00
Mauro Palumbo
e206347d1a
improve logging with broker store
2019-07-31 17:40:02 +02:00
Mauro Palumbo
1f7f42daea
drop services starting with -
2019-07-31 17:07:10 +02:00
Mauro Palumbo
f7a8e8c8fb
remove service from key for Cluster::publish_hrw
2019-07-31 16:28:25 +02:00
Mauro Palumbo
55013fa128
remove check for empty services
2019-07-31 16:08:36 +02:00
Mauro Palumbo
780aae8e51
remove empty services and include udp active connections when logging in connection_state_remove
2019-07-31 15:52:43 +02:00
Mauro Palumbo
9e1e177621
order list of services in store key
2019-07-31 11:11:28 +02:00
Mauro Palumbo
ddf2d2d8a9
remove repeated services in logs if already seen
2019-07-31 11:11:05 +02:00
Mauro Palumbo
cc0f0e2f09
add multiprotocol known_services when Known::use_service_store = T
2019-07-31 11:06:20 +02:00
Mauro Palumbo
98f8eb6317
remove hyphen in front of some services (for example -HTTP, -SSL)
In some cases, there is a hyphen before the protocol name in the field
connection$service. This can cause problems in known_services and
is removed here. It probably originates in some analyzer, where it
would be better removed in the future.
2019-07-31 10:53:43 +02:00
Mauro Palumbo
9faabe9991
add multiprotocol known_services when Known::use_service_store = F
2019-07-31 10:52:29 +02:00
Jon Siwek
1ce0fcce49
GH-387: update Broker topic names to use "zeek/" prefix
2019-05-29 15:56:37 -07:00
Daniel Thayer
be182aac83
More bro-to-zeek renaming in scripts and other files
2019-05-16 02:36:41 -05:00
Jon Siwek
f2f06d66c0
Remove previously deprecated policy/protocols/smb/__load__
2019-05-02 20:50:30 -07:00
Johanna Amann
5d44735209
Remove deprecated functions/events
This commit removed functions/events that have been deprecated in Bro
2.6. It also removes the detection code that checks if the old
communication framework is used (since all the functions that are
checked were removed).
Addresses parts of GH-243
2019-05-02 12:06:39 -07:00
Jon Siwek
aebcb1415d
GH-234: rename Broxygen to Zeexygen along with roles/directives
* All "Broxygen" usages have been replaced in
code, documentation, filenames, etc.
* Sphinx roles/directives like ":bro:see" are now ":zeek:see"
* The "--broxygen" command-line option is now "--zeexygen"
2019-04-22 19:45:50 -07:00
Jon Siwek
a994be9eeb
Merge remote-tracking branch 'origin/topic/seth/zeek_init'
* origin/topic/seth/zeek_init:
Some more testing fixes.
Update docs and tests for bro_(init|done) -> zeek_(init|done)
Implement the zeek_init handler.
2019-04-19 11:24:29 -07:00
Seth Hall
8cefb9be42
Implement the zeek_init handler.
Implements the change and a test.
2019-04-14 08:37:35 -04:00
Daniel Thayer
18bd74454b
Rename all scripts to have ".zeek" file extension
2019-04-11 21:12:40 -05:00
Jon Siwek
01d303b480
Migrate table-based for-loops to key-value iteration
2019-03-15 19:54:44 -07:00
Jon Siwek
03ac32adec
Merge branch 'topic/dopheide/fix-ssh-geo-data' of https://github.com/dopheide-esnet/bro
* 'topic/dopheide/fix-ssh-geo-data' of https://github.com/dopheide-esnet/bro :
Fix geo-data to log remote_location data when auth is successful.
2019-03-15 13:03:59 -07:00
Michael Dopheide
0f6f6cdb29
Fix geo-data to log remote_location data when auth is successful.
2019-03-13 14:14:38 -05:00
Johanna Amann
2e2f611df5
Merge branch 'master' of https://github.com/hosom/zeek
* 'master' of https://github.com/hosom/zeek :
Add fuid to SSL:Invalid_Server_Cert notice
2019-01-29 14:52:34 -08:00
Stephen Hosom
e30a02e186
Add fuid to SSL:Invalid_Server_Cert notice
This is a very basic quality of life improvement. It should make it
much easier to find additional information about the certificate
in question.
2019-01-29 13:34:51 -05:00
Jon Siwek
0cc5e4e044
Add missing record field comment
2018-10-26 10:42:05 -05:00
Jon Siwek
c2c5754e28
Merge branch 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro
* 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro :
add sqli_policy hook
2018-09-19 15:22:45 -05:00
Justin Azoff
a599c5d997
add sqli_policy hook
Add a hook that can be used to prevent specific requests from being
counted towards SQL injection.
2018-09-19 14:11:45 -04:00
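As an added illustration of the hook introduced in the commit above (this is example code, not part of the commit or of the Zeek distribution), the following site-local script keeps expected traffic out of the SQL-injection counters. It assumes the hook signature used by Zeek's policy/protocols/http/detect-sqli script, `hook HTTP::sqli_policy(c: connection, method: string, unescaped_URI: string)`, and the scanner subnet and URI path are placeholders chosen for the example.

```zeek
# Added example: exempt known-benign requests from SQL injection counting.
# Assumes the hook signature from Zeek's policy/protocols/http/detect-sqli.zeek:
#   hook HTTP::sqli_policy(c: connection, method: string, unescaped_URI: string)
# The subnet and path below are placeholders, not values taken from any real site.

@load protocols/http/detect-sqli

module SiteSQLi;

export {
	## Hosts whose probes are expected, e.g. an internal vulnerability scanner.
	const allowed_scanners: set[subnet] = { 10.0.99.0/24 } &redef;

	## URI paths whose legitimate query strings routinely contain SQL keywords.
	const ignored_paths: pattern = /^\/api\/reports\/query/ &redef;
}

hook HTTP::sqli_policy(c: connection, method: string, unescaped_URI: string)
	{
	# Leaving the hook via 'break' makes the hook evaluate to false, so
	# detect-sqli stops processing this request and does not count it.
	if ( c$id$orig_h in allowed_scanners )
		break;

	if ( ignored_paths in unescaped_URI )
		break;
	}
```

Both exemptions are deliberately narrow: the subnet match uses Zeek's longest-prefix `in` on `set[subnet]`, and the path pattern is anchored at the start of the URI so a query-string value containing the same text elsewhere is still counted.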
Jon Siwek
c85cfdd470
Add @deprecate to policy/protocols/smb/__load__.bro
2018-08-31 09:26:22 -05:00
Jon Siwek
57a505b0e4
Allow loading policy/protocols/smb once again
It just redirects to base/protocols/smb
2018-08-30 16:07:04 -05:00
Johanna Amann
27d47314f7
Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data
2018-08-27 09:25:40 -07:00
Daniel Thayer
01a899255e
Convert more redef-able constants to runtime options
2018-08-24 16:05:44 -05:00
Johanna Amann
b2a0418dc5
Final touches to SSL events with record layer version.
2018-08-23 14:18:38 -07:00
Johanna Amann
aa2488fb69
Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data
2018-08-20 16:10:21 -07:00
Jon Siwek
6595b21e2e
Merge remote-tracking branch 'origin/topic/dnthayer/ticket1963'
* origin/topic/dnthayer/ticket1963:
Remove unused redef-able constants
Convert some redef-able constants to runtime options
2018-08-20 12:44:58 -05:00
Jon Siwek
1671244a64
Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-for-2.6'
* origin/topic/dnthayer/doc-fixes-for-2.6:
Fix some typos and improve formatting in NEWS
Update the operators documentation
Replace references to libgeoip in the documentation
Update install instructions for python-ipaddress
Update documentation of "option" and "redef" declarations
Improvements to the config framework documentation
Rearrange some lines on the "Log Files" documentation page
Improve install/setup instructions for libmaxminddb
Update NEWS for config framework clusterization changes
Update config framework doc for clusterization changes
Fix typos and formatting issues in config framework docs
2018-08-17 17:10:34 -05:00
Jon Siwek
edf8658b11
Merge remote-tracking branch 'origin/topic/vladg/dhcp_event_deprecation'
* origin/topic/vladg/dhcp_event_deprecation:
Add script to support the old DHCP events
Updated coverage tests and fixed incorrect DHCP:: scoping on some things
2018-08-17 16:38:19 -05:00
Daniel Thayer
1a4629b0dc
Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1963
2018-08-17 14:11:47 -05:00
Johanna Amann
b1dbd757a6
Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data
2018-08-17 11:52:00 -07:00
Daniel Thayer
a71ed6f781
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-fixes-for-2.6
2018-08-17 11:34:16 -05:00
Jon Siwek
fcabd72b92
BIT-1815: move SMB::write_cmd_log functionality into policy/ script
The option is removed, but same functionality is now enabled simply
by loading policy/protocols/smb/log-cmds.bro
2018-08-17 11:15:18 -05:00
Jon Siwek
a04c76c035
Enable SMB by default by moving scripts from policy/ to base/
2018-08-16 17:23:28 -05:00
Jon Siwek
7fdf621a1d
BIT-1924: add DHCP port to software.log for completeness
2018-08-16 16:08:29 -05:00
Daniel Thayer
c941c565a6
Replace references to libgeoip in the documentation
Replace references to the old libgeoip library with "libmaxminddb" or
"GeoIP support".
2018-08-16 15:45:58 -05:00
Daniel Thayer
dc0904a7f3
Convert some redef-able constants to runtime options
2018-08-15 10:17:14 -05:00
Jon Siwek
a2f8d81fb6
Fix validate-certs.bro comments
2018-08-13 10:20:58 -05:00
Jon Siwek
e6042940dc
Fix (non)suppression of proxy-bound events in known-*.bro scripts
...
When not using data stores, these scripts were intended to suppress
sending duplicate events to proxies by looking up the key in the local
cache.
2018-08-06 17:04:42 -05:00
Vern Paxson
88fd7510c6
reap the fruits of v += e
2018-07-26 12:51:36 -07:00
Vlad Grigorescu
fcaed26796
Add script to support the old DHCP events
2018-07-24 12:49:10 -05:00