Robin Sommer
41a68933eb
Updating submodule(s).
2011-12-16 02:59:39 -08:00
Robin Sommer
84e6caed2c
Merge remote branch 'origin/master'
...
* origin/master:
Cleanup some misc Broxygen css/js stuff.
Add search box to Broxygen docs (fixes #726).
Some markup for the tracker to close the recently addressed tickets:
Closes #726.
Closes #433.
Closes #311.
Closes #664.
2011-12-16 02:41:43 -08:00
Robin Sommer
8c53446292
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Fixed major bug with cluster synchronization (it was broken!)
2011-12-16 02:37:56 -08:00
Robin Sommer
4e17ef63f0
Merge remote branch 'origin/fastpath'
...
* origin/fastpath:
Fix missing action in notice policy for looking up GeoIP data.
Better persistent state config warning messages (fixes #433).
A few updates for SQL injection detection.
Fixed some DPD signatures for IRC. Fixes ticket #311.
Removing Off_Port_Protocol_Found notice.
SSH::Interesting_Hostname_Login cleanup. Fixes #664.
Teach Broxygen to more generally reference attribute values by name.
Fixed a really dumb bug that was causing the malware hash registry script to break.
Fix Broxygen confusing scoped id at start of line as function parameter.
Remove remnant of libmagic optionality
2011-12-16 02:36:43 -08:00
Matthias Vallentin
3ab03874b5
Merge branch 'topic/script-reference' into topic/bif_cleanup
...
Conflicts:
src/bro.bif
2011-12-15 22:54:52 -08:00
Seth Hall
0b8b14a0ed
Fixed major bug with cluster synchronization (it was broken!)
2011-12-15 15:59:51 -05:00
Seth Hall
b66c73baaa
Fixed more bugs with delayed emails.
2011-12-15 15:57:42 -05:00
Jon Siwek
fc9a38a796
Cleanup some misc Broxygen css/js stuff.
2011-12-15 13:01:23 -06:00
Jon Siwek
d04558dc45
Add search box to Broxygen docs (fixes #726).
2011-12-15 13:00:29 -06:00
Jon Siwek
f302f2f3f2
Fix &default fields in records not being initialized in coerced assignments.
...
Addresses #722
2011-12-15 12:16:42 -06:00
Seth Hall
667dcb251a
Working around a problem with setting default container types.
2011-12-15 12:51:14 -05:00
Seth Hall
cb904cec4f
Ugh, still major failure. I'm just cutting the timeout handling for now.
2011-12-15 12:46:15 -05:00
Seth Hall
f1f5719f83
Fixed a small bug major problem with email delay timeout catching.
2011-12-15 12:41:05 -05:00
Seth Hall
2d97e25eeb
Initial fixes for the problem of async actions with notice email extensions.
2011-12-15 12:27:41 -05:00
Robin Sommer
28c0733dca
Adding todo to all protocol events that aren't generated yet because
...
2.0 doesn't activate the analyzer.
Seth, can you double-check whether I got the right events?
2011-12-15 06:40:21 -08:00
Robin Sommer
55c982fa14
Adding Broxygen comments to init-bare.bro.
...
I've left a few TODOs in there for protocol-specific fields that I
couldn't directly figure out in their meaning. Feel free to fill in
where you can.
2011-12-15 06:38:59 -08:00
Jon Siwek
303993254e
Add more DPD and packet filter framework docs.
2011-12-14 16:07:36 -06:00
Jon Siwek
d89658c19b
Add more signature framework documentation.
2011-12-14 12:50:54 -06:00
Jon Siwek
a543ebbea5
Add more notice framework documentation.
2011-12-14 10:05:52 -06:00
Jon Siwek
86cba4c33f
Fix missing action in notice policy for looking up GeoIP data.
2011-12-13 16:17:44 -06:00
Jon Siwek
ae57cbe5fc
Better persistent state config warning messages (fixes #433).
2011-12-13 09:52:26 -06:00
Matthias Vallentin
362b8105fd
More directive fixes.
2011-12-12 13:18:55 -08:00
Matthias Vallentin
6ba62b200d
Remove X.509 from first-sentence documentation.
...
It turns out that Doxygen uses the first dot (in X.509) as marker for the
one-sentence summary.
2011-12-12 13:12:52 -08:00
Matthias Vallentin
b04b5fea16
Mark match_signatures as internal.
2011-12-12 13:12:24 -08:00
Seth Hall
61aa592db5
A few updates for SQL injection detection.
...
- The biggest change is the change in notice names from
HTTP::SQL_Injection_Attack_Against to
HTTP::SQL_Injection_Victim
- A few new SQL injection attacks in the tests that we need to
support at some point.
2011-12-12 14:26:54 -05:00
Jon Siwek
ff7a1ed9d5
Fix some sphinx warnings.
2011-12-12 11:07:18 -06:00
Matthias Vallentin
72a7814657
Document currently dysfunctional anonymization BiFs.
2011-12-11 19:10:21 -08:00
Matthias Vallentin
50d5571939
Give mode2string a more generic name.
2011-12-11 18:49:00 -08:00
Matthias Vallentin
3814313b0b
Merge branch 'master' into topic/bif_cleanup
2011-12-11 18:47:19 -08:00
Matthias Vallentin
1b646c9119
Reorder and group BiFs.
2011-12-10 23:13:04 -08:00
Matthias Vallentin
e17206e7ff
Merge branch 'topic/script-reference' of ssh://git.bro-ids.org/bro into topic/script-reference
2011-12-10 22:15:03 -08:00
Matthias Vallentin
4a9a17292f
Finish documenting bro.bif.
2011-12-10 22:14:48 -08:00
Seth Hall
76a0b9ad3c
Fixed some DPD signatures for IRC. Fixes ticket #311.
...
- The larger issue from ticket 313 still stands.
2011-12-10 22:33:49 -05:00
Seth Hall
6478b4acaf
Removing Off_Port_Protocol_Found notice.
...
- Other very small cleanup.
2011-12-10 00:18:10 -05:00
Seth Hall
b1c891f857
Merge branch 'fastpath' of ssh://git.bro-ids.org/bro into fastpath
2011-12-10 00:13:49 -05:00
Seth Hall
00fb187927
SSH::Interesting_Hostname_Login cleanup. Fixes #664.
2011-12-10 00:13:37 -05:00
Bernhard Amann
dcc7fe3c38
start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface...
2011-12-09 16:47:58 -08:00
Jon Siwek
8e89d78788
Add more cluster and communication framework documentation.
2011-12-09 17:31:47 -06:00
Seth Hall
ec721dffec
Added is_orig fields to the SSL events and adapted script.
...
- Added a field named $last_alert to the SSL log. This doesn't even
indicate the direction the alert was sent, but we need to start somewhere.
- The x509_certificate function has an is_orig field now instead of
is_server and its position in the argument list has moved.
- A bit of reorganization and cleanup in the core analyzer.
2011-12-09 16:56:12 -05:00
Jon Siwek
2cf7bb5788
Teach Broxygen to more generally reference attribute values by name.
2011-12-09 15:39:31 -06:00
Jon Siwek
1f57827e54
Add more logging framework documentation.
2011-12-09 14:30:21 -06:00
Bernhard Amann
0313039977
log protocol in notices.
2011-12-08 14:44:45 -08:00
Bernhard Amann
311cd1b116
after talking to seth - change host_a field in record back to host.
2011-12-08 14:25:46 -08:00
Bernhard Amann
e0b7dc0451
fix compile warnings
2011-12-08 14:12:59 -08:00
Jon Siwek
6d3b29b0ec
Add builtin type documentation, clean up format of attribute docs.
2011-12-08 15:55:38 -06:00
Seth Hall
3391270527
Fixed a really dumb bug that was causing the malware hash registry script to break.
2011-12-08 14:25:52 -05:00
Seth Hall
04e2773d30
Fixed some bugs with capturing data in the base DNS script.
2011-12-08 13:06:45 -05:00
Jon Siwek
80b24513e7
Fix Broxygen confusing scoped id at start of line as function parameter.
2011-12-07 17:08:38 -06:00
Bernhard Amann
7e3ebc1817
forgotten policy files.
2011-12-07 15:03:36 -08:00
Jon Siwek
5126b65493
Add reporter bif/framework documentation.
2011-12-07 16:54:40 -06:00