Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19623 commits 387 branches 195 tags 255 MiB
Commit graph

61 commits

Author SHA1 Message Date
Florian Wilkens
2d950ffde9 ssl: rudimentary decryption for TLS 1.2 
Several limitations still apply:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the only supported cipher suite
- Some tests are broken due to a failing assertion regarding bytestring
- No newly written tests for decryption (the patch was tested extensively for our paper)
- Several small open technical questions marked with FIXME
- Architecture in the ssl module might not be optimal
 2021-04-19 17:38:02 +02:00
Tim Wojtulewicz
c3cf36e135 GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures 2020-11-09 20:37:26 -07:00
Ryan Victory
63d99595fe Modified the DNS protocol analyzer to add a new parameter to the dns_request event which includes the DNS query in its original case. Added a policy script that will add the original_case to the dns.log file as well. Created new btests to test both. 2020-06-17 10:13:04 -05:00
Jon Siwek
aeef4bf030 Merge branch 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek 
* 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek:
  Improve dpd_late_match event generation.
  Improve logging of speculative service.
  Update test-all-policy script.
  Add speculative service script.
  Allow to handle late DPD matches.
 2019-09-17 11:17:41 -07:00
Jan Grashoefer
a810365f0e Update test-all-policy script. 2019-08-30 11:30:33 +02:00
Johanna Amann
0f96a9dedf Disable MQTT by default 
To enable MQTT, one has to load policy/scripts/mqtt. Like with smb in
2.5, the consts are loaded by default.
 2019-08-05 17:04:39 -07:00
Jon Siwek
b5050437fa GH-379: move catch-and-release and unified2 scripts to policy/ 
These are no longer loaded by default due to the performance impact they
cause simply by being loaded (they have event handlers for commonly
generated events) and they aren't generally useful enough to justify it.
 2019-06-05 13:33:45 -07:00
Daniel Thayer
be182aac83 More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
Jon Siwek
f2f06d66c0 Remove previously deprecated policy/protocols/smb/__load__ 2019-05-02 20:50:30 -07:00
Johanna Amann
5d44735209 Remove deprecated functions/events 
This commit removed functions/events that have been deprecated in Bro
2.6. It also removes the detection code that checks if the old
communication framework is used (since all the functions that are
checked were removed).

Addresses parts of GH-243
 2019-05-02 12:06:39 -07:00
Daniel Thayer
18bd74454b Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00