Justin Azoff
c74218568a
Ensure that the notice uid field is filled in.
2016-09-19 22:11:31 -04:00
Justin Azoff
f9b3f739e4
Move lookup_addr when statement
...
Move the when statement to a function so that the connection record is
not in scope. Cloning a connection record is an expensive operation and
this avoids it and this avoids it.
2016-08-17 10:41:41 -04:00
Jon Siwek
dcbd0819a6
Updates related to SSH analysis.
...
- Some scripts used wrong SSH module/namespace scoping on events.
- Fix outdated notice documentation related to SSH password guessing.
- Add a unit test for SSH pasword guessing notice.
2015-03-30 11:30:48 -05:00
Vlad Grigorescu
8218461d35
Update SSH policy scripts with new events.
2015-03-16 13:50:43 -04:00
Daniel Thayer
9374a7d584
Fix typos and formatting in the policy/protocols docs
...
Also updated a test related to these changes, and adjusted line numbers.
2013-10-21 02:34:28 -05:00
Seth Hall
48ed922e06
SSH&FTP Documentation updates.
...
Closes #732
2012-01-08 01:16:40 -05:00
Jon Siwek
a4117016e9
Merge branch 'master' into topic/script-reference
...
Conflicts:
aux/broccoli
aux/broctl
scripts/base/frameworks/notice/main.bro
src/event.bif
2011-12-19 16:17:58 -06:00
Jon Siwek
cc1459ef35
Fix some malformed Broxygen xref roles.
2011-12-16 14:30:36 -06:00
Seth Hall
00fb187927
SSH::Interesting_Hostname_Login cleanup. Fixes #664 .
2011-12-10 00:13:37 -05:00
Seth Hall
43da40f2c6
Changed the notice name for interesting ssh logins to correctly reflect semantics of the notice.
...
- SSH::Login_From_Interesting_Hostname is now SSH::Interesting_Hostname_Login
- Added some documentation.
2011-10-21 14:03:03 -04:00
Seth Hall
fc5f22cb5d
Merge remote-tracking branch 'origin/topic/jsiwek/reorg-followup'
2011-08-25 16:44:31 -04:00
Seth Hall
c750f0c327
Fixing bug in "interesting hostnames" detection.
2011-08-22 16:38:24 -04:00
Jon Siwek
351b13d1c8
Fix more bare-mode @load dependency problems
2011-08-11 11:47:12 -05:00
Seth Hall
9c2273b7a7
Updates for SSH scripts.
2011-08-11 01:35:50 -04:00
