Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
4678 commits 386 branches 195 tags 257 MiB
Commit graph

24 commits

Author SHA1 Message Date
Bernhard Amann
7eb6b5133e Fix circular reference problem and a few other small things. 
SSL::Info now holds a reference to Files::Info instead of the
fa_files record.

Everything should work now, if everyone thinks that the interface is
ok I will update the test baselines in a bit.

addresses BIT-953, BIT-760
 2014-03-04 05:30:32 -08:00
Bernhard Amann
110d9fbd6a X509 file analyzer nearly done. Verification and most other policy scripts 
work fine now.

Todo:
 * update all baselines
 * fix the circular reference to the fa_file structure I introduced :)
   Sadly this does not seem to be entirely straightforward.

addresses BIT-953, BIT-760
 2014-03-03 17:07:50 -08:00
Bernhard Amann
a1f2ab34ac Add verify functionality, including the ability to get the validated 
chain. This means that it is now possible to get information about the
root-certificates that were used to secure a connection.

Intermediate commit before changing the script interface again.

addresses BIT-953, BIT-760
 2014-03-03 10:49:28 -08:00
Bernhard Amann
7ba6bcff2c Second try on the event interface. 
Now the x509 opaque is wrapped in the certificate structure. After
pondering on it for a bit, this might not be the brightest idea.
 2014-02-28 02:43:16 -08:00
Bernhard Amann
30860e4226 Merge remote-tracking branch 'origin/master' into topic/bernhard/file-analysis-x509 
Conflicts:
	src/analyzer/protocol/ssl/events.bif
	src/analyzer/protocol/ssl/ssl-analyzer.pac
 2014-02-28 01:49:16 -08:00
Jon Siwek
ab4508486e Minor unified2 script documentation fix. 2014-02-03 16:55:23 -06:00
Bernhard Amann
f821a13cce Merge remote-tracking branch 'origin/master' into topic/bernhard/file-analysis-x509 
Conflicts:
	src/analyzer/protocol/ssl/events.bif

Still broken.
 2014-01-28 06:43:08 -08:00
Daniel Thayer
72a4a90416 Add more script package README files 
The text from these README files appears on the "Bro Script Packages"
page after building the documentation.
 2013-10-23 16:36:14 -05:00
Daniel Thayer
b5af589246 Improvements to file analysis docs 
Fixed reference to wrong field name.
Added documentation of a function arg.
Added a couple references to other parts of the documentation.
Explained how not specifying extraction filename results in automatic
filename generation.
Several other minor clarifications.
 2013-10-11 16:31:53 -05:00
Daniel Thayer
7ddc670a02 Fix typos and formatting in the file analysis docs 2013-10-10 12:46:11 -05:00
Bernhard Amann
df552ca87d parse out extension. One event for general extensions (just returns the 
openssl-parsed string-value), one event for basicconstraints (is a certificate
a CA or not) and one event for subject-alternative-names (only DNS parts).
 2013-09-19 14:41:34 -07:00
Bernhard Amann
e5a589dbfe Very basic file-analyzer for x509 certificates. Mostly ripped from 
the ssl-analyzer and the topic/bernhard/x509 branch.

Simply prints information about the encountered certificates (I have
not yet my mind up, what I will log...).

Next step: extensions...
 2013-09-16 14:08:22 -07:00
Jon Siwek
17d0ecd388 File extraction tweaks. 
- Default extraction limit of 100MB now provided via a tuning script
  loaded in local.bro so that command-line Bro is unlimited by default.

- Extraction directory is now created on request of file extraction
  rather than unconditionally in bro_init().
 2013-08-23 11:57:07 -05:00
Jon Siwek
89ae4ffd05 Add options to limit extracted file sizes w/ 100MB default. 2013-08-22 16:37:58 -05:00
Robin Sommer
a646fde884 Merge remote-tracking branch 'origin/topic/seth/unified2-analyzer' into topic/robin/unified2-analyzer-merge 
* origin/topic/seth/unified2-analyzer:
  Fixed a problem where the Unified2 analyzer was attached to every file.
  Fixing intel framework tests.
  Updating submodule(s).
  Add file name support to intel framework.
  Add file support to intel framework and slightly restructure intel http handling.

Conflicts:
	CHANGES
	VERSION
	scripts/base/files/unified2/main.bro
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2013-08-14 10:27:26 -07:00
Seth Hall
f8f465e259 Fixed a problem where the Unified2 analyzer was attached to every file. 2013-08-14 01:01:03 -04:00
Robin Sommer
83eae53f54 Merge remote-tracking branch 'origin/topic/seth/unified2-analyzer' 
BIT-1054 #merged

* origin/topic/seth/unified2-analyzer:
  Fixes in case a packet isn't seen that matches an event.
  Finished work on unified2 analyzer.
  Fixed some tests.
  Working unified2 analyzer.
  Unified2 file analyzer updated to new plugin style.
  Adding the unified2 analyzer.

Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2013-08-13 18:37:52 -07:00
Seth Hall
e0de1a2d00 Fixes in case a packet isn't seen that matches an event. 2013-08-13 08:55:11 -04:00
Seth Hall
f7c6dd7f7e Finished work on unified2 analyzer. 2013-08-13 03:21:43 -04:00
Seth Hall
95161a920c Fixed some tests. 2013-08-12 15:31:31 -04:00
Seth Hall
091c8f3ebc Working unified2 analyzer. 
- No output by default yet.  Most of the activity is centered
   around generating the Unified2::alert event which ties together
   an IDSEvent and a packet.
 2013-08-12 14:57:12 -04:00
Seth Hall
04de4ce24b Unified2 file analyzer updated to new plugin style. 2013-08-10 22:26:32 -04:00
Seth Hall
df2841458d Large overhaul in name and appearance for file analysis. 2013-07-05 02:00:14 -04:00
Seth Hall
190f98f8a9 Beginning some rework. 2013-06-03 10:51:53 -04:00