Commit graph

17337 commits

Author SHA1 Message Date
Seth Hall
cb904cec4f Ugh, still major failure. I'm just cutting the timeout handling for now. 2011-12-15 12:46:15 -05:00
Seth Hall
f1f5719f83 Fixed a small bug major problem with email delay timeout catching. 2011-12-15 12:41:05 -05:00
Seth Hall
2d97e25eeb Initial fixes for the problem of async actions with notice email extensions. 2011-12-15 12:27:41 -05:00
Robin Sommer
28c0733dca Adding todo to all protocol events that aren't generated yet because
2.0 doesn't activate the analyzer.

Seth, can you double-check whether I got the right events?
2011-12-15 06:40:21 -08:00
Robin Sommer
55c982fa14 Adding Broxygen comments to init-bare.bro.
I've left a few TODOs in there for protocol-specific fields that I
couldn't directly figure out in their meaning. Feel free to fill in
where you can.
2011-12-15 06:38:59 -08:00
Jon Siwek
303993254e Add more DPD and packet filter framework docs. 2011-12-14 16:07:36 -06:00
Jon Siwek
d89658c19b Add more signature framework documentation. 2011-12-14 12:50:54 -06:00
Jon Siwek
a543ebbea5 Add more notice framework documentation. 2011-12-14 10:05:52 -06:00
Jon Siwek
86cba4c33f Fix missing action in notice policy for looking up GeoIP data. 2011-12-13 16:17:44 -06:00
Jon Siwek
ae57cbe5fc Better persistent state config warning messages (fixes #433). 2011-12-13 09:52:26 -06:00
Matthias Vallentin
362b8105fd More directive fixes. 2011-12-12 13:18:55 -08:00
Matthias Vallentin
6ba62b200d Remove X.509 from first-sentence documentation.
It turns out that Doxygen uses the first dot (in X.509) as marker for the
one-sentence summary.
2011-12-12 13:12:52 -08:00
Matthias Vallentin
b04b5fea16 Mark match_signatures as internal. 2011-12-12 13:12:24 -08:00
Seth Hall
61aa592db5 A few updates for SQL injection detection.
- The biggest change is the change in notice names from
	HTTP::SQL_Injection_Attack_Against to
	HTTP::SQL_Injection_Victim

- A few new SQL injection attacks in the tests that we need to
  support at some point.
2011-12-12 14:26:54 -05:00
Jon Siwek
ff7a1ed9d5 Fix some sphinx warnings. 2011-12-12 11:07:18 -06:00
Matthias Vallentin
72a7814657 Document currently dysfunctional anonymization BiFs. 2011-12-11 19:10:21 -08:00
Matthias Vallentin
50d5571939 Give mode2string a more generic name. 2011-12-11 18:49:00 -08:00
Matthias Vallentin
3814313b0b Merge branch 'master' into topic/bif_cleanup 2011-12-11 18:47:19 -08:00
Matthias Vallentin
1b646c9119 Reorder and group BiFs. 2011-12-10 23:13:04 -08:00
Matthias Vallentin
e17206e7ff Merge branch 'topic/script-reference' of ssh://git.bro-ids.org/bro into topic/script-reference 2011-12-10 22:15:03 -08:00
Matthias Vallentin
4a9a17292f Finish documenting bro.bif. 2011-12-10 22:14:48 -08:00
Seth Hall
76a0b9ad3c Fixed some DPD signatures for IRC. Fixes ticket #311.
- The larger issue from ticket 313 still stands.
2011-12-10 22:33:49 -05:00
Seth Hall
6478b4acaf Removing Off_Port_Protocol_Found notice.
- Other very small cleanup.
2011-12-10 00:18:10 -05:00
Seth Hall
b1c891f857 Merge branch 'fastpath' of ssh://git.bro-ids.org/bro into fastpath 2011-12-10 00:13:49 -05:00
Seth Hall
00fb187927 SSH::Interesting_Hostname_Login cleanup. Fixes #664. 2011-12-10 00:13:37 -05:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Jon Siwek
8e89d78788 Add more cluster and communication framework documentation. 2011-12-09 17:31:47 -06:00
Seth Hall
ec721dffec Added is_orig fields to the SSL events and adapted script.
- Added a field named $last_alert to the SSL log.  This doesn't even
  indicate the direction the alert was sent, but we need to start somewhere.

- The x509_certificate function has an is_orig field now instead of
  is_server and its position in the argument list has moved.

- A bit of reorganization and cleanup in the core analyzer.
2011-12-09 16:56:12 -05:00
Jon Siwek
2cf7bb5788 Teach Broxygen to more generally reference attribute values by name. 2011-12-09 15:39:31 -06:00
Jon Siwek
1f57827e54 Add more logging framework documentation. 2011-12-09 14:30:21 -06:00
Bernhard Amann
0313039977 log protocol in notices. 2011-12-08 14:44:45 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Bernhard Amann
e0b7dc0451 fix compile warnings 2011-12-08 14:12:59 -08:00
Jon Siwek
6d3b29b0ec Add builtin type documentation, clean up format of attribute docs. 2011-12-08 15:55:38 -06:00
Seth Hall
3391270527 Fixed a really dumb bug that was causing the malware hash registry script to break. 2011-12-08 14:25:52 -05:00
Seth Hall
04e2773d30 Fixed some bugs with capturing data in the base DNS script. 2011-12-08 13:06:45 -05:00
Jon Siwek
80b24513e7 Fix Broxygen confusing scoped id at start of line as function parameter. 2011-12-07 17:08:38 -06:00
Bernhard Amann
7e3ebc1817 forgotten policy files. 2011-12-07 15:03:36 -08:00
Jon Siwek
5126b65493 Add reporter bif/framework documentation. 2011-12-07 16:54:40 -06:00
Jon Siwek
9ac338341e Merge branch 'master' into topic/script-reference 2011-12-07 15:47:29 -06:00
Bernhard Amann
94f53e3eb3 Merge branch 'topic/bernhard/log-send-proto' into topic/bernhard/input
Conflicts:
	src/LogMgr.cc
	src/LogMgr.h

Also fixup Input framework to work with the changed definitions.
2011-12-07 13:25:57 -08:00
Bernhard Amann
89a29c3d7d Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-12-07 13:13:43 -08:00
Bernhard Amann
35fa52ea48 update baseline 2011-12-07 13:10:35 -08:00
Bernhard Amann
e114bdf627 make LogWriter output the type of data stored inside a set or vector.
Now the type output is e.g. vector[string] instead of just vector.
2011-12-07 13:04:46 -08:00
Bernhard Amann
4b3cc95f72 send enum instead of string 2011-12-07 12:43:15 -08:00
Bernhard Amann
a0da991030 memleak fix. 2011-12-07 12:21:42 -08:00
Bernhard Amann
ca17a1cf46 make logging framework send the protocol to the writer.
for use in future writers, that have a special type for port, which includes the protocol.
2011-12-07 12:21:38 -08:00
Bernhard Amann
707926aaa4 Software framework stores ports for server software. 2011-12-07 12:12:46 -08:00
Jon Siwek
ab315949d6 Remove remnant of libmagic optionality 2011-12-07 12:53:11 -06:00
Robin Sommer
f1e132cd1a Adding missing script. 2011-12-07 10:28:56 -08:00