Robin Sommer
2002fd7f90
Merge remote-tracking branch 'origin/topic/johanna/ssl-resumption'
* origin/topic/johanna/ssl-resumption:
Update baseline of new SSL policy script for changes
update test baselines
Mark everything below 2048 bit as a weak key (Browsers will stop accepting 1024 bits soon, so we can be of that opinion too).
add information about server chosen protocol to ssl.log, if provided by alpn.
change SSL log to contain a boolean flag signaling if a session was resumed instead of the (usually not really that useful) session ID the client sent.
BIT-1279 #merged
2014-10-21 13:44:46 -07:00
Johanna Amann
ba3b35a612
Merge remote-tracking branch 'origin/master' into topic/johanna/ssl-resumption
2014-10-21 11:32:46 -07:00
Christian Struck
6c2a8cdff4
Seth's *any type* to JSON converter, slightly changed
2014-10-20 17:13:01 -07:00
Christian Struck
676207e968
Small implementation of the RYU restAPI functionality to add flows.
2014-10-20 17:10:49 -07:00
Christian Struck
d426f36ebe
Small openflow API that provides functionality to add flows.
2014-10-20 17:09:44 -07:00
Christian Struck
4c305d6b92
[FIX] Add files to result table even if the files are empty
2014-10-20 15:59:58 -07:00
Vlad Grigorescu
9a73033b19
Redo DCE/RPC code.
2014-10-09 21:06:38 -04:00
Vlad Grigorescu
c4eb7e2377
Add support for TRANSACTION subcommands.
2014-10-08 18:01:55 -04:00
Vlad Grigorescu
10db1b552d
Add username tracking
2014-10-08 17:23:20 -04:00
Vlad Grigorescu
f38a580c8c
Add support for transaction2 Find_First2.
2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45
Fix a segfault, and add script-level support for some more commands.
2014-10-08 12:06:33 -04:00
Vlad Grigorescu
e9c398a41c
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/vladg/smb
2014-10-08 10:54:56 -04:00
Seth Hall
d77243823f
Updates for file mime type identification.
- Change to the default BOF buffer size to 3000 (was 1024).
- Reorganized MS signatures into a separate file
- Improved lots of the signatures and added new ones.
2014-10-08 02:12:10 -04:00
Vlad Grigorescu
0d615b0319
Add more SMB subcommands and arguments. Log SMB1 error messages too.
2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3
Refine transaction2 support, rewrite SMB scripts.
2014-10-07 16:31:02 -04:00
Seth Hall
80656d5294
Improves shockwave flash file signatures.
- This moves the signatures out of the libmagic imported signatures
and into our own general.sig.
- Expand the detection to LZMA compressed flash files.
2014-10-06 11:13:13 -04:00
Johanna Amann
470d868558
new ssl extension type from iana and a few other ssl const changes.
2014-09-28 14:29:12 +02:00
Seth Hall
e4ca588127
Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.
2014-09-27 03:11:01 -04:00
Seth Hall
cafd35e746
Updates the files event api and brings file reassembly up to master.
2014-09-26 00:40:37 -04:00
Vlad Grigorescu
6ee2ec666f
Merge remote-tracking branch 'origin/master' into topic/vladg/smb
Conflicts:
src/analyzer/protocol/smb/Plugin.cc
2014-09-24 18:38:43 -04:00
Seth Hall
42b2d56279
Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking
Conflicts:
scripts/base/frameworks/files/main.bro
src/file_analysis/File.cc
testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
2014-09-23 13:05:39 -04:00
Seth Hall
8d283db63b
Adds a "node" field to Intel::Seen structure and intel.log.
The intel framework can now indicate which node discovered a
hit on an intel item through the new "node" field in the
Intel::Seen data structure. On clusters, this field will
contain the name of the node where the hit was seen.
2014-09-23 12:23:39 -04:00
Daniel Thayer
d226fef723
Fixed some "make doc" warnings caused by reST formatting
2014-09-16 12:44:51 -05:00
Jon Siwek
f97f58e9db
Raise http_entity_data in line with data arrival.
As opposed to delaying until a certain-sized-buffer fills, which is
problematic because then the event becomes out of sync with the "rest of
the world". E.g. content_gap handlers being called sooner than
expected.
Addresses BIT-1240.
2014-09-10 13:20:47 -05:00
Robin Sommer
525816b03d
Merge remote-tracking branch 'origin/topic/hui/dnp3-udp'
* origin/topic/hui/dnp3-udp:
remove redundant code; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renaming the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 variation 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
2014-09-07 21:09:53 -07:00
Vlad Grigorescu
51373b0592
SSH: Misc. updates to the new analyzer.
2014-09-02 00:15:32 -04:00
Vlad Grigorescu
0a50688afc
Move auth method detection into script-land, to make it easier to change.
2014-08-28 18:23:30 -04:00
Vlad Grigorescu
214e6b3ea9
Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes.
2014-08-26 22:26:42 -04:00
Hui Lin
81606e7ff4
Renaming the DNP3 TCP analyzer
2014-08-25 10:33:28 -05:00
Vlad Grigorescu
f93f2af748
Merge tag 'v2.3' into topic/vladg/sip
Version tag
Conflicts:
scripts/base/init-default.bro
2014-08-22 19:25:43 -04:00
Hui Lin
fb21236661
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
2014-08-16 11:01:30 -05:00
Robin Sommer
996d118d68
Fixing tests.
2014-08-13 21:33:03 -07:00
Robin Sommer
58f3a715f2
Merge branch 'topic/robin/reader-writer-plugins' of git.bro.org:bro into topic/robin/reader-writer-plugins
Conflicts:
scripts/base/frameworks/logging/writers/dataseries.bro
2014-08-08 18:36:09 -07:00
Robin Sommer
355314718b
Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins
2014-08-08 18:32:45 -07:00
Robin Sommer
8737eae906
Move DataSeries and ElasticSearch into plugins.
2014-08-08 18:32:21 -07:00
Robin Sommer
8031da4ee7
More polishing of some of the branch's changes.
2014-08-08 18:32:05 -07:00
Vlad Grigorescu
250360eb55
Add support for more commands, and support quit
2014-08-08 13:53:16 -05:00
Vlad Grigorescu
1ceeafcb32
Redo the response handling.
2014-08-08 13:46:12 -05:00
Jon Siwek
b83d4a9c84
Fix some things in DNP3 UDP analyzer.
- DeliverPacket override had a wrong parameter.
- Change the DNP3 plugin to provide both UDP and TCP analyzer versions.
- Add a DPD signature.
2014-08-06 15:41:53 -05:00
Johanna Amann
14d265482a
add information about server chosen protocol to ssl.log, if provided by alpn.
This is e.g. used to negotiate spdy or http/2
2014-08-04 22:16:09 -07:00
Johanna Amann
026233d1f2
change SSL log to contain a boolean flag signaling if a session was resumed
instead of the (usually not really that useful) session ID the client sent.
2014-08-04 11:15:42 -07:00
Johanna Amann
fe60d5e9dd
Split dhcp log writing from record creation.
This allows users to customize dhcp.log by changing the record in their own
dhcp_ack event.
2014-08-01 11:07:32 -07:00
Robin Sommer
ffd3d9d185
More polishing.
2014-07-31 15:08:45 -07:00
Robin Sommer
2b505b07c1
Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins
2014-07-31 10:10:39 -07:00
Jon Siwek
69b1ba653d
Minor adjustments to plugin code/docs.
Mostly whitespace/typos.
Moved some Plugin methods out from public access.
2014-07-30 16:48:23 -05:00
Vlad Grigorescu
ca55d203cb
Kerberos analyzer
2014-07-24 21:55:41 -04:00
Vlad Grigorescu
6a34de5dd8
SMB & NTLM analyzers.
2014-07-24 21:46:38 -04:00
Vlad Grigorescu
101d340b18
MySQL analyzer
2014-07-24 15:52:42 -04:00
Robin Sommer
c6e204fbe2
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/btest
2014-07-22 20:27:00 -07:00
Robin Sommer
48b251abd1
Merge branch 'topic/robin/dynamic-plugins-2.3' into topic/robin/reader-writer-plugins
2014-07-22 17:27:16 -07:00