Seth Hall
d6a7322a75
Merge branch 'topic/jgras/intel-update' of https://github.com/J-Gras/bro into topic/seth/intel-update-merge
# Conflicts:
# testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
# testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
2016-08-02 15:50:43 -04:00
Seth Hall
6bc7c3f1be
Merge remote-tracking branch 'origin/master' into J-Gras-topic/jgras/bit-1507
# Conflicts:
# testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2016-06-15 10:32:46 -04:00
Jan Grashoefer
cb33028702
Added hook to allow extending the intel log.
The extension mechanism is basically the one that Seth introduced with
his intel extensions. The main difference lies in using a hook instead
of an event. An example policy implements whitelisting.
2016-05-11 23:59:46 +02:00
Jan Grashoefer
859eb5eac7
Merge branch 'master' into topic/jgras/intel-update
2016-05-11 18:59:58 +02:00
Johanna Amann
00e759b44c
Intel: CERT_HASH indicator type was never checked
Hence, when people specify data of type CERT_HASH in their intel source
files, it will never trigger an alert.
2016-04-11 15:50:55 +02:00
Jan Grashoefer
6f891ca2ff
Added test-case for intel framework matching email
Addresses #1507
2015-12-16 14:51:02 +01:00
Johanna Amann
0d9869a2aa
(Hopefully) fix race condition between trace and intel file.
2015-07-15 09:14:36 -07:00
Johanna Amann
946f19fb9d
Use our new features to send the CN and SAN fields of certificates to the intel framework.
2015-03-03 17:15:24 -08:00