Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
9059 commits 385 branches 195 tags 258 MiB
Commit graph

16 commits

Author SHA1 Message Date
Daniel Thayer
3f9e7138bd More bro-to-zeek renaming in the unit tests 2019-05-16 02:27:54 -05:00
Robin Sommer
789cb376fd GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 
This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.

The btests pass, but this is still WIP. broctl renaming is still
missing.

#239
 2019-05-01 21:43:45 +00:00
Jon Siwek
a994be9eeb Merge remote-tracking branch 'origin/topic/seth/zeek_init' 
* origin/topic/seth/zeek_init:
  Some more testing fixes.
  Update docs and tests for bro_(init|done) -> zeek_(init|done)
  Implement the zeek_init handler.
 2019-04-19 11:24:29 -07:00
Jon Siwek
1e57e3f026 Use .zeek file suffix in unit tests 2019-04-16 16:08:57 -07:00
Seth Hall
9d676d368b Some more testing fixes. 2019-04-14 09:58:30 -04:00
Seth Hall
5db766bd88 Update docs and tests for bro_(init|done) -> zeek_(init|done) 2019-04-14 08:49:12 -04:00
Jon Siwek
8b29df96cc Merge branch 'master' of https://github.com/hosom/zeek 
* 'master' of https://github.com/hosom/zeek:
  Normalize the intel seen filename for smb.
  load smb-filenames in scripts/policy/frameworks/intel/seen/__load__.bro
  Add SMB::IN_FILE_NAME to Intel::Where enum
  Support filenamess for SMB files

I added a test case
 2019-03-25 16:45:59 -07:00
Jan Grashoefer
2d9b90cddc Added test for intel removal policy script. 2019-03-24 22:24:12 +01:00
Seth Hall
d6a7322a75 Merge branch 'topic/jgras/intel-update' of https://github.com/J-Gras/bro into topic/seth/intel-update-merge 
# Conflicts:
#	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
#	testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log
 2016-08-02 15:50:43 -04:00
Seth Hall
6bc7c3f1be Merge remote-tracking branch 'origin/master' into J-Gras-topic/jgras/bit-1507 
# Conflicts:
#	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2016-06-15 10:32:46 -04:00
Jan Grashoefer
cb33028702 Added hook to allow extending the intel log. 
The extension mechanism is basically the one that Seth introduced with
his intel extensions. The main difference lies in using a hook instead
of an event. An example policy implements whitelisting.
 2016-05-11 23:59:46 +02:00
Jan Grashoefer
859eb5eac7 Merge branch 'master' into topic/jgras/intel-update 2016-05-11 18:59:58 +02:00
Johanna Amann
00e759b44c Intel: CERT_HASH indicator type was never checked 
Hence, when people specify data of type CERT_HASH in their intel source
files, it will never trigger an alert.
 2016-04-11 15:50:55 +02:00
Jan Grashoefer
6f891ca2ff Added test-case for intel framework matching email 
Addresses #1507
 2015-12-16 14:51:02 +01:00
Johanna Amann
0d9869a2aa (Hopefully) fix race condition between trace and intel file. 2015-07-15 09:14:36 -07:00
Johanna Amann
946f19fb9d Use our new features to send the CN and SAN fields of certificates to 
the intel framework.
 2015-03-03 17:15:24 -08:00