Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
6461 commits 385 branches 195 tags 258 MiB
Commit graph

13 commits

Author SHA1 Message Date
Seth Hall
143eee5d8d Removed SMB Auth stuff and changed "DISK" to be the default share type. 
- SMB auth information is now present in the ntlm.log.
 - Still need a heuristic to switch this to PIPE or other
   for non-DISK mounts.
 2016-04-03 15:46:02 -04:00
Seth Hall
e2dfaf8a5b Fixes to SMB file handling and logging. 
There were some cases where the log would be missing a field
or data wouldn't get sent to file analysis.  At least some of
this is fixed now and I get confused a bit less when I look
at the logs now.

Also, I made the default handling "FILE" so that things like
FILE_UNKNOWN wouldn't show up in the logs so regularly.  It's
technically correct that way, but it doesn't look good and it's
correct as FILE often enough that it make sense to make it the
default I think.
 2016-04-01 09:43:13 -04:00
Seth Hall
d249b76390 Added uid and conn_id to smb_auth log. 
Thanks for Mike Reeves and Aaron Eppert for noticing.
 2016-03-26 22:15:23 -04:00
Seth Hall
c8818da09a Fix a bug that resulted in recursion in the type system. 
- There is a bit of other minor reorganization cleanup here too.
 2016-03-07 13:50:12 -05:00
Seth Hall
ca58dc84d5 Create an smb_auth.log. 
- Brings the SMB NTLM support all the way to a log.
 - Only support SMB1 right now.
 - A bit more clean up of logged file actions and code organization.
 2016-03-07 11:17:51 -05:00
Seth Hall
d453dc149c A lot of changes to SMB analyzer. 
- Add beginning of infrastructure for pipe support in SMB2.
 - Improve identification of non-file tree mappings.
 - Stop passing pipe data to the file analysis framework.
 - Reduce log volume in smb_files.log by watching for repeated
   files being seen so that you don't end up with nearly
   the exact same log line over and over and over.
 - Lots of little whitespace and indentation changes.
 2016-03-03 14:27:15 -05:00
Seth Hall
2e2fb6831f Merge remote-tracking branch 'origin/topic/vladg/smb' into topic/seth/smb 
# Conflicts:
#	scripts/base/protocols/smb/files.bro
#	scripts/base/protocols/smb/main.bro
#	scripts/base/protocols/smb/smb1-main.bro
#	scripts/base/protocols/smb/smb2-main.bro
 2016-03-01 11:11:50 -05:00
Seth Hall
dbb5992f43 Disable the smb_cmd.log by default. 2016-02-19 00:23:05 -05:00
Vlad Grigorescu
9a73033b19 Redo DCE/RPC code. 2014-10-09 21:06:38 -04:00
Vlad Grigorescu
10db1b552d Add username tracking 2014-10-08 17:23:20 -04:00
Vlad Grigorescu
0d615b0319 Add more SMB subcommands and arguments. Log SMB1 error messages too. 2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3 Refine transaction2 support, rewrite SMB scripts. 2014-10-07 16:31:02 -04:00
Vlad Grigorescu
6a34de5dd8 SMB & NTLM analyzers. 2014-07-24 21:46:38 -04:00