Commit graph

13262 commits

Author SHA1 Message Date
Seth Hall
5c3bf14d16 Fixed a scriptland state issue that manifested especially badly on proxies. 2013-07-22 14:02:56 -04:00
Matthias Vallentin
a39f980cd4 Implement and test Bloom filter merging. 2013-07-22 18:11:12 +02:00
Matthias Vallentin
eb64f5f961 Make hash functions equality comparable. 2013-07-22 18:03:55 +02:00
Jon Siwek
ca5abbf13a Merge branch 'master' into topic/jsiwek/exec-module 2013-07-22 10:23:28 -05:00
Matthias Vallentin
9c2f57a9d9 Make counter vectors mergeable. 2013-07-22 16:36:54 +02:00
Matthias Vallentin
a3c61fe7eb Use half adder for bitwise addition and subtraction. 2013-07-22 15:55:51 +02:00
Matthias Vallentin
7a0240694e Fix and test counting Bloom filter. 2013-07-22 14:09:32 +02:00
Vlad Grigorescu
deeb5ec38e Rework the DHCP analyzer to make it compatible again. 2013-07-21 20:31:23 -04:00
Matthias Vallentin
79a2e4b5d5 Implement missing CounterVector functions. 2013-07-21 22:41:48 +02:00
Matthias Vallentin
fd2e155d1a Tweak hasher interface. 2013-07-21 17:59:03 +02:00
Seth Hall
58f59b9bc3 Add server samples to SSH bruteforce detection. 2013-07-20 02:08:52 -04:00
Seth Hall
26f8bd7ad7 Fix a reporter message in sumstats. 2013-07-20 01:21:01 -04:00
Seth Hall
9dae9dd3e2 Remove the intel insertion after heuristically detecting ssh bruteforcing. 2013-07-19 13:53:15 -04:00
Seth Hall
9b444b2617 Updates for the Intel Framework.
 - Intel importing format has changed (refer to docs).

 - All string matching is now case insensitive.

 - SMTP intel script has been updated to extract email
   addresses correctly.

 - Small fix sneaking into the smtp base script to actually
   extract individual email addresses in the To: field
   correctly.
2013-07-19 13:16:12 -04:00
Robin Sommer
d349520745 Another test fix.
The classic "uniq -c" is not portable ...
2013-07-18 21:34:02 -07:00
Robin Sommer
006e370ee0 Canonifying the output of core.print-bpf-filters.
I couldn't figure out why it's not stable but it doesn't seem to
matter for now unless more such situations show up.
2013-07-18 19:58:19 -07:00
Vlad Grigorescu
4b81030e3f Merge topic/seth/faf-updates. 2013-07-18 19:40:34 -04:00
Robin Sommer
720e146fcc Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fixing a dns reporter message in master.
2013-07-18 12:30:43 -07:00
Seth Hall
1e32100fed Fixing a dns reporter message in master. 2013-07-18 09:24:22 -04:00
Robin Sommer
c373f93c4f Updating submodule(s).
[nomail]
2013-07-17 21:57:25 -07:00
Robin Sommer
efd343af8d Extending external canonifier to remove fractional values from
capture_loss.log.
2013-07-17 21:57:17 -07:00
Robin Sommer
d8801bb9c4 Canonifying internal order for plugins and their components to make it
deterministic.
2013-07-17 21:57:13 -07:00
Robin Sommer
57b05a2989 Small raw reader tweaks that I forgot to commit earlier. 2013-07-17 17:30:35 -07:00
Seth Hall
7838113dc2 Merge remote-tracking branch 'origin/master' into topic/seth/faf-updates
Conflicts:
	magic
2013-07-16 12:09:53 -04:00
Seth Hall
eb7ceb3e9a Forgot a file. 2013-07-16 12:07:33 -04:00
Seth Hall
0bfdcc1fbc Added protocol description functions that provide a super compressed log representation. 2013-07-16 12:01:50 -04:00
Robin Sommer
18201afcf8 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Small raw reader fixes * crash when accessing nonexistent file. * memory leak when reading from file.
2013-07-15 18:19:08 -07:00
Bernhard Amann
7427ce511b Small raw reader fixes
* crash when accessing nonexistent file.
* memory leak when reading from file.

Addresses #1038.
2013-07-15 13:50:40 -07:00
Robin Sommer
58290d6fc0 Updating NEWS. 2013-07-14 08:42:35 -07:00
Robin Sommer
50357ec47a Merge remote-tracking branch 'origin/topic/bernhard/sqlite-update'
* origin/topic/bernhard/sqlite-update:
  yep, freebsd still needs this fix
  bump sqlite to 3.7.17.

Closes #1037.
2013-07-14 08:04:19 -07:00
Seth Hall
4dd4c5344e Fix a bug where orig file information in http wasn't working right. 2013-07-12 16:12:26 -04:00
Seth Hall
b14f5a853e Added mime types to http.log 2013-07-12 16:06:40 -04:00
Bernhard Amann
e01678d132 yep, freebsd still needs this fix 2013-07-12 21:09:13 +02:00
Jon Siwek
1a60fae41c Clean up queued but unused file_over_new_connections event args. 2013-07-11 11:36:49 -05:00
Seth Hall
3d5c17e9e0 Add jar files to the default MHR lookups. 2013-07-10 23:46:01 -04:00
Robin Sommer
ef6b4885dd Adding some temporary testing/demonstration to front page. 2013-07-10 15:07:44 -07:00
Robin Sommer
6581844de9 Merge branch 'topic/documentation' of ssh://git.bro-ids.org/bro into topic/documentation 2013-07-10 15:01:05 -07:00
Robin Sommer
8a0cc31d0a Switching btest to topic/robin/parts branch. 2013-07-10 14:59:40 -07:00
Robin Sommer
06287966a1 Bringing the DPD POP3 signature back.
This also avoids the need for updating the external test suite.
2013-07-10 14:19:00 -07:00
Seth Hall
be8c947c04 Adding CAB files for MHR checking. 2013-07-10 17:04:09 -04:00
Seth Hall
bf4f57383f Improve malware hash registry script.
 - Include a link to a virustotal search in the notice sub message field.

 - Give all information returned from Team Cymru in the notice message.

 - Add more file types to match on to the default set.
2013-07-10 16:52:39 -04:00
Seth Hall
22b4f8dd90 Fix a small issue with finding smtp entities. 2013-07-10 16:51:22 -04:00
Seth Hall
788a31edcd Added support for files to the notice framework. 2013-07-10 16:29:07 -04:00
Seth Hall
2e0912b543 Merge remote-tracking branch 'origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout' into topic/seth/faf-updates
Conflicts:
	magic
	scripts/base/protocols/http/__load__.bro
	scripts/base/protocols/irc/__load__.bro
	scripts/base/protocols/smtp/__load__.bro
2013-07-10 16:28:38 -04:00
Jon Siwek
99d604c9b5 Make the custom libmagic database a git submodule.
The magic files couldn't be in the root of that repo or else
libmagic would abort when it ran in to the .git* files and tried
to treat them like magic files, too.
2013-07-10 14:06:51 -05:00
Robin Sommer
cb09bd6358 Merge remote-tracking branch 'origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout'
Closes #1035.

* origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout:
  Small test fixes.
  Added a missing curly brace in smtp/dpd.sig
  Fix a bug where the same analyzer tag was reused for two different analyzers.
  Moved DPD signatures into script specific directories.
2013-07-10 11:37:57 -07:00
Robin Sommer
7d8a135ca4 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  const adjustment
2013-07-10 10:55:45 -07:00
Jon Siwek
0394493fac const adjustment
And fixes compiler warning about overloaded virtual function hiding.
2013-07-10 11:55:40 -05:00
Matthias Vallentin
446344ae99 Add missing include for GCC. 2013-07-10 01:32:59 -07:00
Matthias Vallentin
21a07ced82 Merge branch 'topic/matthias/bloom-filter' of ssh://git.bro.org/bro into topic/matthias/bloom-filter 2013-07-10 01:29:06 -07:00