Johanna Amann
7c71eca7d0
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2015-07-27 14:49:38 -07:00
Robin Sommer
ba10115181
Merge branch 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro
Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro :
Updated detection of Flash and AdobeAIR.
2015-07-27 11:05:49 -07:00
Albert Zaharovits
b4e8a44630
SMTP logs include CC: addresses [BIT-1429]
2015-07-26 22:08:43 +03:00
Jan Grashoefer
b765c95d6e
Updated detection of Flash and AdobeAIR.
2015-07-24 14:33:53 +02:00
Liang Zhu
49c570593a
check value before assign
2015-07-23 15:46:23 -07:00
Robin Sommer
fb848f795d
Merge branch 'master' of https://github.com/aaronmbr/bro
* 'master' of https://github.com/aaronmbr/bro :
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
2015-07-23 13:05:28 -07:00
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Johanna Amann
4a5737708c
Basic IMAP StartTLS analyzer.
Parses certificates out of imap connections using StartTLS. Aborts
processing if StartTLS is not found.
2015-07-22 10:35:49 -07:00
Liang Zhu
cea1b62a9a
small bug fix
2015-07-21 23:38:56 -07:00
Liang Zhu
62225d5f5f
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-21 18:40:45 -07:00
Liang Zhu
462f6608a8
log the time for server first encrypted application data
2015-07-21 14:44:33 -07:00
Johanna Amann
0b897c70da
Add xmpp dpd sig and fix a few parsing problems for connections that do not upgrade to TLS.
2015-07-21 13:20:35 -07:00
Johanna Amann
574bcb0a51
Add simple XMPP StartTLS analyzer.
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
2015-07-21 12:18:14 -07:00
Robin Sommer
358f3bfe84
Merge branch 'topic/robin/rework-packets-merge'
2015-07-21 08:32:08 -07:00
Liang Zhu
5f2cb840d7
add user_agent to ocsp-to-match log
2015-07-20 16:55:19 -07:00
Liang Zhu
fa654121ec
fix url parsing bug
2015-07-20 15:46:21 -07:00
Liang Zhu
b4fce308f0
minor change to deal with empty request
2015-07-18 19:36:47 -07:00
Liang Zhu
4e8d15d8d1
small bug fix
2015-07-18 01:53:28 -07:00
Liang Zhu
0c3b03ac8d
log original uri and fix GET url parsing
2015-07-18 01:06:31 -07:00
Liang Zhu
6c9b49a5d7
fix a bug for ocsp-ssl-split.bro
2015-07-17 16:00:18 -07:00
Robin Sommer
fe3579f1b4
Merge branch 'topic/rework-packets' of https://github.com/jsbarber/bro
* 'topic/rework-packets' of https://github.com/jsbarber/bro :
One more tinker to Packet -- ensure no uninitialized values
Packet::IP()-created IP_Hdr should not free
Make enums work for non-C++11 config
Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.
Conflicts:
aux/plugins
2015-07-17 12:56:04 -07:00
Liang Zhu
569e637eb1
small changes for parsing GET url
2015-07-16 19:31:58 -07:00
Liang Zhu
d20925f230
make parsing GET url more robust
2015-07-16 19:07:13 -07:00
Liang Zhu
cb0aa7725e
fix a few bugs for logging
2015-07-16 18:20:57 -07:00
Liang Zhu
00a0313967
fix a bug for parsing OCSP Get request
2015-07-16 18:10:05 -07:00
Johanna Amann
5f07268805
Small changes to iana tls registry.
2015-07-16 16:40:35 -07:00
Liang Zhu
f0c642cd25
update logging for ocsp and baseline
2015-07-15 13:31:41 -07:00
Liang Zhu
fb757d96a6
clean up ocsp/main.bro
2015-07-15 10:39:46 -07:00
Liang Zhu
c2f1c428f0
fix a bug and update baseline
2015-07-15 01:06:12 -07:00
Liang Zhu
01094bfc43
add parsing ocsp request in get url
2015-07-15 00:40:39 -07:00
Liang Zhu
1f5a7aecbc
change log schema for ocsp-ssl-split.bro
2015-07-13 15:23:56 -07:00
Liang Zhu
9553c8aefc
separated logging for ocsp and ssl
2015-07-12 13:52:26 -07:00
Liang Zhu
406fec9ef4
potentially fix a memory problem in ocsp-measurement
2015-07-09 11:56:58 -07:00
Liang Zhu
6947387522
add status_type to ocsp stapling log
2015-07-08 14:21:53 -07:00
Liang Zhu
545848d906
add parameter 'status_type' to event ssl_stapled_ocsp
2015-07-08 14:11:14 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
e2c30f0005
record more timestamps for ocsp measurement
2015-07-06 17:52:13 -07:00
Liang Zhu
d18a96bc8d
separated field for ocsp response timestamp and update baseline
2015-07-06 16:12:52 -07:00
Robin Sommer
c1f060be63
Merge branch 'topic/yunzheng/bit-1314'
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to
duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the
cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
2015-07-03 08:40:12 -07:00
Liang Zhu
8844d344af
add connection in ocsp log
2015-07-02 17:46:43 -07:00
Liang Zhu
386a5b811d
add optional logging for parsed ocsp stapling message
2015-07-02 14:23:38 -07:00
Liang Zhu
2743966fcc
add a script to combine ocsp with ssl
2015-07-01 17:00:41 -07:00
Liang Zhu
356480745c
add function to get hash of cert issuer name
2015-06-19 15:01:31 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Liang Zhu
d84d1d24e8
add ocsp logging
2015-06-17 19:18:37 -07:00
Liang Zhu
e9baddfd6b
add a file analyzer to parse ocsp request and response
add two events: ocsp_request and ocsp_response
2015-06-15 11:05:04 -07:00
Robin Sommer
582da62d04
Fix reporter errors with GridFTP traffic.
2015-06-08 09:42:06 -07:00
Johanna Amann
17796182c6
fix acld plugin to use address instead of subnet (and add functions for conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00