Kris Nielander
d8c9b7255e
Allow Bro to run in fanout mode.
2015-08-09 22:45:23 +02:00
Kris Nielander
f5429ee794
Allow libpcap buffer size to be set manually.
2015-08-09 22:45:09 +02:00
Liang Zhu
adbc0b1eaf
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-05 17:15:09 -07:00
Jan Grashoefer
55dc982a33
Update calls of Base64 functions.
...
Base64 encoding-errors during authentication in POP3 analyzer,
authentication in FTP analyzer (using GSI) and basic
authentication on HTTP will be logged to Weird.
2015-08-05 11:33:57 +02:00
Robin Sommer
4c2aa804e1
Merge branch 'master' of https://github.com/albertzaharovits/bro
...
* 'master' of https://github.com/albertzaharovits/bro :
Appended smtp.trace with CC: header baseline test
SMTP logs include CC: addresses [BIT-1429]
2015-07-31 08:56:39 -07:00
Liang Zhu
e9f028be4c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-28 13:47:21 -07:00
Johanna Amann
7c71eca7d0
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2015-07-27 14:49:38 -07:00
Robin Sommer
ba10115181
Merge branch 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro
...
Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro :
Updated detection of Flash and AdobeAIR.
2015-07-27 11:05:49 -07:00
Albert Zaharovits
b4e8a44630
SMTP logs include CC: addresses [BIT-1429]
2015-07-26 22:08:43 +03:00
Jan Grashoefer
b765c95d6e
Updated detection of Flash and AdobeAIR.
2015-07-24 14:33:53 +02:00
Liang Zhu
49c570593a
check value before assign
2015-07-23 15:46:23 -07:00
Robin Sommer
fb848f795d
Merge branch 'master' of https://github.com/aaronmbr/bro
...
* 'master' of https://github.com/aaronmbr/bro :
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
2015-07-23 13:05:28 -07:00
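The two VLAN commits above record that Bro now walks stacked 802.1Q tags and keeps the inner tag for Q-in-Q links. The following is an added example, not Bro's own layer-2 code: a small Python parser that does the same walk over a raw Ethernet frame, masking the PCP/DEI bits out of each TCI, returning the outer and inner VID separately, and reporting the EtherType and offset where the layer-3 header begins. The frames it parses are constructed inline by `build_frame` (a helper assumed here for the demo); the MAC addresses and VIDs are made up.

```python
import struct

# Tag protocol identifiers that introduce a VLAN tag: 802.1Q (0x8100),
# 802.1ad service tag (0x88A8), and the pre-standard 0x9100 some switches emit.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}
ETHERTYPE_NAMES = {0x0800: "ipv4", 0x86DD: "ipv6", 0x0806: "arp"}


def parse_l2(frame: bytes) -> dict:
    """Parse the Ethernet header plus any stacked VLAN tags.

    Returns outer and inner VLAN IDs (None when absent), the EtherType that
    names the layer-3 protocol, and the byte offset of the layer-3 header.
    Only the 12-bit VID of each TCI is kept; PCP and DEI bits are masked off.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    vids = []
    # Each VLAN tag is TCI (2 bytes) followed by the next EtherType (2 bytes).
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag at offset %d" % offset)
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vids.append(tci & 0x0FFF)
        offset += 4
    return {
        "src": src.hex(":"),
        "dst": dst.hex(":"),
        "vlan": vids[0] if vids else None,          # outer tag, as conn.log would carry
        "inner_vlan": vids[1] if len(vids) > 1 else None,  # customer tag in Q-in-Q
        "vlan_depth": len(vids),
        "l3_proto": ETHERTYPE_NAMES.get(ethertype, "0x%04x" % ethertype),
        "l3_offset": offset,
    }


def build_frame(tags, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19):
    """Constructed test frame. `tags` lists (tpid, pcp, vid) from outer to inner;
    the MAC addresses and payload are dummies."""
    out = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return out + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    qinq = build_frame([(0x88A8, 0, 200), (0x8100, 3, 300)], ethertype=0x86DD)
    print(parse_l2(qinq))
```

A truncated tag raises rather than silently returning a partial result, which matters on a capture interface that delivers snaplen-cut frames: an analyzer that trusts a half-read TCI will mis-attribute traffic to the wrong VLAN.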
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Johanna Amann
4a5737708c
Basic IMAP StartTLS analyzer.
...
Parses certificates out of imap connections using StartTLS. Aborts
processing if StartTLS is not found.
2015-07-22 10:35:49 -07:00
Liang Zhu
62225d5f5f
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-21 18:40:45 -07:00
Johanna Amann
0b897c70da
Add xmpp dpd sig and fix a few parsing problems for connections that do
...
not upgrade to TLS.
2015-07-21 13:20:35 -07:00
Johanna Amann
574bcb0a51
Add simple XMPP StartTLS analyzer.
...
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
2015-07-21 12:18:14 -07:00
Robin Sommer
358f3bfe84
Merge branch 'topic/robin/rework-packets-merge'
2015-07-21 08:32:08 -07:00
Liang Zhu
fa654121ec
fix url parsing bug
2015-07-20 15:46:21 -07:00
Liang Zhu
b4fce308f0
minor change to deal with empty request
2015-07-18 19:36:47 -07:00
Liang Zhu
4e8d15d8d1
small bug fix
2015-07-18 01:53:28 -07:00
Liang Zhu
0c3b03ac8d
log original uri and fix GET url parsing
2015-07-18 01:06:31 -07:00
Robin Sommer
fe3579f1b4
Merge branch 'topic/rework-packets' of https://github.com/jsbarber/bro
...
* 'topic/rework-packets' of https://github.com/jsbarber/bro :
One more tinker to Packet -- ensure no uninitialized values
Packet::IP()-created IP_Hdr should not free
Make enums work for non-C++11 config
Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.
Conflicts:
aux/plugins
2015-07-17 12:56:04 -07:00
Liang Zhu
569e637eb1
small changes for parsing GET url
2015-07-16 19:31:58 -07:00
Liang Zhu
d20925f230
make parsing GET url more robust
2015-07-16 19:07:13 -07:00
Liang Zhu
00a0313967
fix a bug for parsing OCSP Get request
2015-07-16 18:10:05 -07:00
Johanna Amann
5f07268805
Small changes to iana tls registry.
2015-07-16 16:40:35 -07:00
Liang Zhu
f0c642cd25
update logging for ocsp and baseline
2015-07-15 13:31:41 -07:00
Liang Zhu
fb757d96a6
clean up ocsp/main.bro
2015-07-15 10:39:46 -07:00
Liang Zhu
c2f1c428f0
fix a bug and update baseline
2015-07-15 01:06:12 -07:00
Liang Zhu
01094bfc43
add parsing ocsp request in get url
2015-07-15 00:40:39 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
d18a96bc8d
separated field for ocsp response timestamp and update baseline
2015-07-06 16:12:52 -07:00
Robin Sommer
c1f060be63
Merge branch 'topic/yunzheng/bit-1314'
...
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to
duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the
cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
2015-07-03 08:40:12 -07:00
Liang Zhu
8844d344af
add connection in ocsp log
2015-07-02 17:46:43 -07:00
Liang Zhu
356480745c
add function to get hash of cert issuer name
2015-06-19 15:01:31 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Liang Zhu
d84d1d24e8
add ocsp logging
2015-06-17 19:18:37 -07:00
Liang Zhu
e9baddfd6b
add a file analyzer to parse ocsp request and response
...
add two events: ocsp_request and ocsp_response
2015-06-15 11:05:04 -07:00
Robin Sommer
582da62d04
Fix reporter errors with GridFTP traffic.
2015-06-08 09:42:06 -07:00
Johanna Amann
17796182c6
fix acld plugin to use address instead of subnet (and add functions for
...
conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Johanna Amann
e6834367fd
miscellaneous missing bits and pieces
2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
...
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement
...
whitelists or similar.
2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152
add support for multiple backends with same priority
2015-06-02 12:34:44 -07:00
Robin Sommer
a6618eb964
Merge branch 'master' of git.bro.org:bro
2015-06-02 10:37:31 -07:00
Seth Hall
217ccf6063
Add signature support for F4M files.
2015-06-02 12:48:53 -04:00