Liang Zhu
569e637eb1
small changes for parsing GET url
2015-07-16 19:31:58 -07:00
Liang Zhu
d20925f230
make parsing GET url more robust
2015-07-16 19:07:13 -07:00
Liang Zhu
00a0313967
fix a bug for parsing OCSP Get request
2015-07-16 18:10:05 -07:00
Johanna Amann
5f07268805
Small changes to iana tls registry.
2015-07-16 16:40:35 -07:00
Liang Zhu
f0c642cd25
update logging for ocsp and baseline
2015-07-15 13:31:41 -07:00
Liang Zhu
fb757d96a6
clean up ocsp/main.bro
2015-07-15 10:39:46 -07:00
Liang Zhu
c2f1c428f0
fix a bug and update baseline
2015-07-15 01:06:12 -07:00
Liang Zhu
01094bfc43
add parsing ocsp request in get url
2015-07-15 00:40:39 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
d18a96bc8d
separated field for ocsp response timestamp and update baseline
2015-07-06 16:12:52 -07:00
Robin Sommer
c1f060be63
Merge branch 'topic/yunzheng/bit-1314'
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
2015-07-03 08:40:12 -07:00
Liang Zhu
8844d344af
add connection in ocsp log
2015-07-02 17:46:43 -07:00
Liang Zhu
356480745c
add function to get hash of cert issuer name
2015-06-19 15:01:31 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Liang Zhu
d84d1d24e8
add ocsp logging
2015-06-17 19:18:37 -07:00
Liang Zhu
e9baddfd6b
add a file analyzer to parse ocsp request and response
add two events: ocsp_request and ocsp_response
2015-06-15 11:05:04 -07:00
Robin Sommer
582da62d04
Fix reporter errors with GridFTP traffic.
2015-06-08 09:42:06 -07:00
Johanna Amann
17796182c6
fix acld plugin to use address instead of subnet (and add functions for
conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Johanna Amann
e6834367fd
miscellaneous missing bits and pieces
2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement
whitelists or similar.
2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152
add support for multiple backends with same priority
2015-06-02 12:34:44 -07:00
Robin Sommer
a6618eb964
Merge branch 'master' of git.bro.org:bro
2015-06-02 10:37:31 -07:00
Seth Hall
217ccf6063
Add signature support for F4M files.
2015-06-02 12:48:53 -04:00
Robin Sommer
26d10d88d2
Merge remote-tracking branch 'origin/topic/dnthayer/doc-improvements-2.4'
Lots of good stuff! Thanks for catching the plugin doc inconsistencies!
* origin/topic/dnthayer/doc-improvements-2.4:
Add missing documentation on the "Bro Package Index" page
More improvements to the Logging Framework doc
Fix documentation typo
Update the "Log Files" documentation
Add links in the logging framework doc
Add a link to the bro-plugins documentation
Update bro man page
Update script language reference documentation
Fix typos in the "writing bro plugins" doc
Fix a "make doc" warning
Improve logging framework doc
Add link to broctl doc from the quickstart doc
Update install documentation and fix some typos
Minor improvements to logging framework documentation
Correct a minor typo in the docs
2015-06-02 09:44:51 -07:00
Seth Hall
0eb345a25a
Updating the Mozilla root certs.
2015-06-02 11:51:08 -04:00
Daniel Thayer
45caf8d2c1
Add missing documentation on the "Bro Package Index" page
2015-06-02 10:00:00 -05:00
Johanna Amann
269e80b3e1
make pacf logging deal with wildcards in flows.
2015-06-01 18:57:16 -07:00
Johanna Amann
ae18062761
add whitelist and redirect high-level functions
2015-06-01 15:57:58 -07:00
Daniel Thayer
7681263f91
Fix documentation typo
2015-06-01 14:29:03 -05:00
Johanna Amann
2f1ebed2e9
set the default idle timeout to 0 (= disable), because pacf actually
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
2015-06-01 10:46:39 -07:00
Seth Hall
097354a43f
Updates for the urls.bro script. Fixes BIT-1404.
2015-06-01 11:38:26 -04:00
Daniel Thayer
24701f2678
Fix a "make doc" warning
Also fixed some indentation.
2015-05-29 14:38:50 -05:00
Jeff Barber
30fdc37479
Refactor to make bro use a common Packet object.
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
2015-05-29 10:37:39 -04:00
Johanna Amann
3bd513785f
make rule id generation in non-cluster mode work again
2015-05-28 16:58:55 -07:00
Johanna Amann
99dcb40c67
Clusterize pacf
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
2015-05-27 18:01:53 -07:00
Johanna Amann
ad2361b7ac
remove (dysfunctional) notifications from pacf
2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a
make openflow framework work in clusters.
2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6
add pacf plugin that directly outputs messages to broker.
Also fix a few problems in pacf in the process of doing this.
2015-05-26 11:19:55 -07:00
Daniel Thayer
9cde2be727
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4
2015-05-25 11:59:34 -05:00
Johanna Amann
94fbd492ca
update a few consts to openflow 1.3 - we downconvert them to the less
common 1.0 in the controller when necessary.
2015-05-23 12:17:56 -07:00
Johanna Amann
30e305cf4b
we also really want to get notifications upon flow removal
2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9
deal with the fact that some pacf rules create two openflow messages
and that the return events need to unify them again...
More or less untested.
2015-05-22 18:59:40 -07:00
Johanna Amann
93b79c87bd
it makes much more sense for the high level api to still return rule
numbers.
2015-05-22 18:07:57 -07:00
Johanna Amann
b9953e7048
change type of flow_mod entries to count - the type is defined in other
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themselves.
2015-05-22 13:37:57 -07:00
Johanna Amann
5f0a630116
add support for switches notifying openflow and pacf about flow removal.
I just noticed - the OpenFlow events also really should send the
instance of openflow that they are with them. That is a... tad
complicated though due to a number of reasons (among others how the
events are currently generated), so this will have to wait for a bit.
2015-05-18 13:38:38 -07:00
Johanna Amann
c0111bc4d2
add flow modification to pacf and openflow.
More or less untested, but there should not be any big problems.
2015-05-15 13:29:44 -07:00