Christian Struck
fef8476690
[FIX] small codestyle changes
2014-11-10 16:49:20 -08:00
akasza
ea79c07730
uri parsing complete
2014-11-06 19:52:03 -08:00
akasza
69ce4d3038
uri_decompose complete, need btests
2014-11-06 19:47:28 -08:00
Christian Struck
8e2c269c2e
[ADD] status function to get flows from switch, error handling.
Added a function to receive status from the switch through the
openflow controller. (not yet implemented anywhere)
The flow_mod and flow_stats function now have default values which
report that the function is not implemented when they're called but
no plugin has registered its functions for them.
2014-11-06 15:53:09 -08:00
akasza
3c42350e77
uri parsing function
2014-11-05 20:44:03 -08:00
Seth Hall
e879aa78f5
Merge remote-tracking branch 'origin/topic/seth/mime-updates' into topic/seth/files-reassembly-and-mime-updates
Conflicts:
scripts/base/init-bare.bro
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:42:34 -05:00
Seth Hall
842dfd8b4a
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates
Conflicts:
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:40:26 -05:00
Seth Hall
7ee34981aa
Improve TAR file detection and other small changes.
- Remove all of the x-c detections. Nearly all false
positives.
- Remove the back up TAR detections. Not very helpful.
- Remove one of the x-elc detections that was too loose
and caused many false positives.
2014-11-05 11:31:48 -05:00
Seth Hall
efdfef7970
Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates
Conflicts:
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 10:57:57 -05:00
Seth Hall
7a52b8eb56
Merge remote-tracking branch 'origin/topic/vladg/cryptoapi'
* origin/topic/vladg/cryptoapi:
Add Windows detection based on CryptoAPI HTTP traffic as a software framework policy script.
2014-11-05 09:47:17 -05:00
Vlad Grigorescu
31baaf6499
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
2014-11-04 13:18:56 -05:00
Vlad Grigorescu
98c33139c5
Merge remote-tracking branch 'origin/master' into topic/vladg/smb
Conflicts:
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-04 13:17:18 -05:00
Vlad Grigorescu
7e0599039b
Merge branch 'topic/vladg/cryptoapi' into topic/vladg/kerberos
2014-11-04 13:13:34 -05:00
Vlad Grigorescu
0bd45d54c8
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
2014-11-04 13:12:12 -05:00
Vlad Grigorescu
d600d41a55
Add Windows detection based on CryptoAPI HTTP traffic as a software framework policy script.
2014-11-03 13:52:58 -05:00
Johanna Amann
705989da39
add new curves from draft-ietf-tls-negotiated-ff-dhe
2014-11-01 19:37:27 -07:00
Vlad Grigorescu
b484da1539
Update baselines.
2014-10-31 16:45:48 -04:00
Vlad Grigorescu
c601ebccb8
Fix a logic bug with handling quits after the cleanup.
2014-10-31 16:24:48 -04:00
Vlad Grigorescu
119ad59b70
Integrate MySQL with the software framework
2014-10-31 12:17:47 -04:00
Vlad Grigorescu
e2ad93c543
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
2014-10-31 12:08:13 -04:00
Christian Struck
c705375537
[ADD] made code event based, changed code style
the openflow framework now uses events to signal
the success or failure of openflow commands; further,
the reporter framework is used to log errors.
added bro unique cookie, so the framework can recognize
which flows it installed and which not.
documented all of the code.
the code style should now be more like the rest of the
bro code.
2014-10-30 18:12:55 -07:00
Vlad Grigorescu
e6d6ba6ec6
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
Conflicts:
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:56:07 -04:00
Vlad Grigorescu
b259a41ef2
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
Conflicts:
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:24:31 -04:00
Robin Sommer
4216a5eb1c
Merge remote-tracking branch 'origin/topic/struck/BIT-1277'
* origin/topic/struck/BIT-1277:
[ADD] Added the feature to return 0 content to the python http test server and added functionality for POST requests
[ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix.
[ADD] added baseline for the new exec test and added a test to check for the empty files fix.
[FIX] exec should write an empty string when file is empty instead of the filename
[FIX] Add files to result table even if the files are empty
BIT-1277 #merged
2014-10-24 11:43:09 -07:00
Christian Struck
bf6dc12be4
[ADD] the possibility to remove flows and refactored the flow_mod function to fit the new capabilities. Also started to comment more of the code
2014-10-23 18:20:40 -07:00
Christian Struck
04746c7ffc
[FIX] exec should write an empty string when file is empty instead of the filename
2014-10-22 11:57:03 -07:00
Robin Sommer
2002fd7f90
Merge remote-tracking branch 'origin/topic/johanna/ssl-resumption'
* origin/topic/johanna/ssl-resumption:
Update baseline of new SSL policy script for changes
update test baselines
Mark everything below 2048 bit as a weak key (Browsers will stop accepting 1024 bits soon, so we can be of that opinion too).
add information about server chosen protocol to ssl.log, if provided by alpn.
change SSL log to contain a boolean flag signaling if a session was resumed instead of the (usually not really that useful) session ID the client sent.
BIT-1279 #merged
2014-10-21 13:44:46 -07:00
Johanna Amann
ba3b35a612
Merge remote-tracking branch 'origin/master' into topic/johanna/ssl-resumption
2014-10-21 11:32:46 -07:00
Christian Struck
6c2a8cdff4
Seth's *any type* to JSON converter, slightly changed
2014-10-20 17:13:01 -07:00
Christian Struck
676207e968
Small implementation of the RYU restAPI functionality to add flows.
2014-10-20 17:10:49 -07:00
Christian Struck
d426f36ebe
Small openflow api, that provides functionality to add flows.
2014-10-20 17:09:44 -07:00
Christian Struck
5555757b2d
Simple test script that uses a RYU controller with its restAPI and shunts a flow after a specified amount of traffic
2014-10-20 17:05:13 -07:00
Christian Struck
4c305d6b92
[FIX] Add files to result table even if the files are empty
2014-10-20 15:59:58 -07:00
Vlad Grigorescu
9a73033b19
Redo DCE/RPC code.
2014-10-09 21:06:38 -04:00
Vlad Grigorescu
c4eb7e2377
Add support for TRANSACTION subcommands.
2014-10-08 18:01:55 -04:00
Vlad Grigorescu
10db1b552d
Add username tracking
2014-10-08 17:23:20 -04:00
Vlad Grigorescu
f38a580c8c
Add support for transaction2 Find_First2.
2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45
Fix a segfault, and add script-level support for some more commands.
2014-10-08 12:06:33 -04:00
Vlad Grigorescu
e9c398a41c
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/vladg/smb
2014-10-08 10:54:56 -04:00
Seth Hall
d77243823f
Updates for file mime type identification.
- Change to the default BOF buffer size to 3000 (was 1024).
- Reorganized MS signatures into a separate file
- Improved lots of the signatures and added new ones.
2014-10-08 02:12:10 -04:00
Vlad Grigorescu
0d615b0319
Add more SMB subcommands and arguments. Log SMB1 error messages too.
2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3
Refine transaction2 support, rewrite SMB scripts.
2014-10-07 16:31:02 -04:00
Seth Hall
80656d5294
Improves shockwave flash file signatures.
- This moves the signatures out of the libmagic imported signatures
and into our own general.sig.
- Expand the detection to LZMA compressed flash files.
2014-10-06 11:13:13 -04:00
Johanna Amann
470d868558
new ssl extension type from iana and a few other ssl const changes.
2014-09-28 14:29:12 +02:00
Seth Hall
e4ca588127
Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.
2014-09-27 03:11:01 -04:00
Seth Hall
cafd35e746
Updates the files event api and brings file reassembly up to master.
2014-09-26 00:40:37 -04:00
Vlad Grigorescu
6ee2ec666f
Merge remote-tracking branch 'origin/master' into topic/vladg/smb
Conflicts:
src/analyzer/protocol/smb/Plugin.cc
2014-09-24 18:38:43 -04:00
Seth Hall
42b2d56279
Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking
Conflicts:
scripts/base/frameworks/files/main.bro
src/file_analysis/File.cc
testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
2014-09-23 13:05:39 -04:00
Seth Hall
8d283db63b
Adds a "node" field to Intel::Seen structure and intel.log.
The intel framework can now indicate which node discovered a
hit on an intel item through the new "node" field in the
Intel::Seen data structure. On clusters, this field will
contain the name of the node where the hit was seen.
2014-09-23 12:23:39 -04:00
Daniel Thayer
d226fef723
Fixed some "make doc" warnings caused by reST formatting
2014-09-16 12:44:51 -05:00