Seth Hall
0bde911bd4
Add file support to intel framework and slightly restructure intel http handling.
2013-08-13 13:21:08 -04:00
Seth Hall
e0de1a2d00
Fixes in case a packet isn't seen that matches an event.
2013-08-13 08:55:11 -04:00
Seth Hall
f7c6dd7f7e
Finished work on unified2 analyzer.
2013-08-13 03:21:43 -04:00
anthonykasza
c9313df382
Levenshtein distance function unit test
2013-08-12 21:29:57 -05:00
Robin Sommer
d4820cd43b
Updating submodule(s).
...
[nomail]
2013-08-12 16:18:55 -07:00
Robin Sommer
2bef4111a3
Updating submodule(s).
...
[nomail]
2013-08-12 16:05:14 -07:00
Robin Sommer
b72c2a9764
Fixing bug in DNP3 analyzer flagged by compiler warning.
2013-08-12 14:38:37 -07:00
Robin Sommer
3780cab38b
Updating submodule(s).
...
[nomail]
2013-08-12 14:18:20 -07:00
Robin Sommer
4697158898
Updating submodule(s).
...
[nomail]
2013-08-12 14:15:41 -07:00
Robin Sommer
aec77c7cfe
Merge remote-tracking branch 'origin/master' into topic/documentation
...
Conflicts:
doc/index.rst
doc/scripts/builtins.rst
testing/btest/btest.cfg
2013-08-12 14:03:49 -07:00
Seth Hall
95161a920c
Fixed some tests.
2013-08-12 15:31:31 -04:00
Seth Hall
091c8f3ebc
Working unified2 analyzer.
...
- No output by default yet. Most of the activity is centered
around generating the Unified2::alert event which ties together
an IDSEvent and a packet.
2013-08-12 14:57:12 -04:00
Robin Sommer
47bf045893
Updating submodule(s).
...
[nomail]
2013-08-12 11:53:52 -07:00
Robin Sommer
45f1b89f60
Merge branch 'topic/robin/dnp3-merge-v3'
...
Includes a bit more docs/comments cleanup. We should eventually
document the events further but it should suffice for now.
* topic/robin/dnp3-merge-v3:
Tiny bit of cleanup and adapting the new test.
added a test case for dnp3 packets with only link layer
added condition to check DNP3 packet without app layer data
Fixing well-known port.
Pluginizing the DNP3 analyzer, plus a basic script logging requests and replies.
2013-08-12 11:39:03 -07:00
Bernhard Amann
baef38976d
Merge remote-tracking branch 'origin/topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog
2013-08-12 09:50:43 -07:00
Bernhard Amann
2a684cd486
Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
2013-08-12 09:48:03 -07:00
Bernhard Amann
d83edf8068
Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
...
Conflicts:
src/NetVar.cc
src/NetVar.h
src/SerialTypes.h
src/probabilistic/CMakeLists.txt
testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro
testing/btest/scripts/base/frameworks/sumstats/basic.bro
2013-08-12 09:47:53 -07:00
Robin Sommer
a927189bdb
Tiny bit of cleanup and adapting the new test.
2013-08-11 16:20:08 -07:00
Hui Lin
bced60f7a8
added a test case for dnp3 packets with only link layer
2013-08-11 16:02:44 -07:00
Hui Lin
21d45a435c
added condition to check DNP3 packet without app layer data
...
Conflicts:
src/analyzer/protocol/dnp3/DNP3.cc
2013-08-11 16:02:27 -07:00
Robin Sommer
36c2433075
Fixing well-known port.
...
This fixes the remaining test.
2013-08-11 15:59:32 -07:00
anthonykasza
d80ad3a06e
Levenshtein distance
2013-08-11 00:11:41 -05:00
Seth Hall
48a190276a
Merge remote-tracking branch 'origin/master' into topic/seth/unified2-analyzer
2013-08-10 22:26:35 -04:00
Seth Hall
04de4ce24b
Unified2 file analyzer updated to new plugin style.
2013-08-10 22:26:32 -04:00
Robin Sommer
0e7f51f78c
Merge branch 'master' into topic/robin/dnp3-merge-v3
...
Conflicts:
scripts/base/init-default.bro
2013-08-09 17:11:51 -07:00
Robin Sommer
b71dc5d8ff
Updating submodule(s).
...
[nomail]
2013-08-09 17:06:30 -07:00
Robin Sommer
937afb3e7b
Updating submodule.
2013-08-09 15:34:32 -07:00
Robin Sommer
214272b8e3
Merge remote-tracking branch 'origin/topic/jsiwek/load-order-fix'
...
* origin/topic/jsiwek/load-order-fix:
Update coverage baselines for canonical load order of scripts.
2013-08-09 15:32:30 -07:00
Robin Sommer
c05ee4d907
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix mem leak in DHCP analyzer.
Fix a unit test outdated by recent sumstats changes.
2013-08-09 15:31:59 -07:00
Jon Siwek
4bdbd1762d
Update coverage baselines for canonical load order of scripts.
2013-08-09 11:26:49 -05:00
Jon Siwek
b2392aa452
Fix mem leak in DHCP analyzer.
2013-08-09 09:51:09 -05:00
Jon Siwek
db7b6661fe
Fix a unit test outdated by recent sumstats changes.
2013-08-09 09:50:05 -05:00
Seth Hall
a6eb7bb9df
Merge remote-tracking branch 'origin/master' into topic/seth/unified2-analyzer
...
Conflicts:
src/CMakeLists.txt
2013-08-08 20:53:54 -04:00
Seth Hall
51c83c7f42
Merge remote-tracking branch 'origin/master' into topic/seth/file-entropy
2013-08-05 17:35:27 -04:00
Seth Hall
e52b174594
Fix the SSL infinite loop I just created.
2013-08-05 17:29:39 -04:00
Seth Hall
3eb7690527
Merge remote-tracking branch 'origin/master' into topic/seth/file-entropy
2013-08-05 16:45:40 -04:00
Seth Hall
595e2f3c8a
Change to SSL log delay to cause the log to write even if delay times out.
2013-08-05 16:45:05 -04:00
Seth Hall
b7877792c9
First commit of file entropy analyzer.
...
- Code comments still need to be cleaned up.
2013-08-05 00:02:48 -04:00
Robin Sommer
2f0671aeeb
Updating tests for DHCP.
2013-08-03 20:50:33 -07:00
Robin Sommer
e7aefcdf36
Merge branch 'master' into topic/robin/dhcp-merge
2013-08-03 19:14:01 -07:00
Robin Sommer
308db797c3
Merge remote-tracking branch 'origin/topic/vladg/dhcp'
...
* origin/topic/vladg/dhcp:
DHCP: Adding unit tests.
DHCP:
Rework the DHCP analyzer to make it compatible again.
2013-08-03 19:14:00 -07:00
Matthias Vallentin
e226781a3c
Remove debugging code.
2013-08-03 16:55:29 +02:00
Matthias Vallentin
c526ebcfeb
Update baseline with now correct FP tests.
2013-08-03 16:54:47 +02:00
Seth Hall
1eadeaec3c
Fix a major memory issue in the SumStats framework.
...
- There are still problems, but this should prevent a deadlock issue
and help with memory use.
2013-08-03 01:57:51 -04:00
Seth Hall
56de65461e
Merge remote-tracking branch 'origin/topic/seth/sumstats-updates'
...
* origin/topic/seth/sumstats-updates:
Still fixing bugs in SumStats updated API cluster support.
Hopefully fix the SumStats cluster support.
Fix the SumStats top-k plugin and test.
Updates for SumStats API to deal with high memory stats.
Beginning rework of SumStats API.
Tiny fix to account for missing str field (not sure how this happens yet)
Add server samples to SSH bruteforce detection.
Fix a reporter message in sumstats.
SumStats changes to how thresholding works to simplify and reduce memory use.
More adjustments to try and correct SumStats memory use.
Hopefully fixing a strange error.
Large update for the SumStats framework.
2013-08-02 22:37:39 -04:00
Seth Hall
ffe89e9cc0
Merge remote-tracking branch 'origin/master' into topic/seth/sumstats-updates
2013-08-02 22:23:02 -04:00
Robin Sommer
cd2bb2f8f1
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Exec module and raw input reader fixes.
2013-08-02 17:19:50 -07:00
Jon Siwek
1531980f3d
Exec module and raw input reader fixes.
...
- Do stream mode for commands done by exec module, it seems important
in some cases (e.g. ensure requested stdin is fully written).
- For cases where the raw input reader knows the child process has been
reaped, set the childpid member to a sentinel value to indicate such
so we don't later think we should kill it or wait on it anymore.
- More error checking on dup2/close calls. Set sentinel values when
closing ends of pipes to prevent double closing a fd.
- Signal flag not set when raw input reader's child exits as a result
of a signal. Left out a test for this -- might be portability issues
(e.g. Ubuntu seems to do things differently regarding the exit code and
also is printing "Killed" to stderr where other platforms don't).
2013-08-02 17:27:10 -05:00
Seth Hall
6b58ef12d7
Still fixing bugs in SumStats updated API cluster support.
2013-08-02 16:53:56 -04:00
Seth Hall
135094428e
Hopefully fix the SumStats cluster support.
2013-08-02 16:30:34 -04:00